Glossary
Audit Aware Programs
Privileged programs that invoke either the audswitch system call to suspend system call auditing or the audwrite system call to generate
Audit Event
Also called an Audit Record. An event is an instance of a subject accessing an object, for example, a process opening a file or a user logging into a system. Audit records are generated when users make
audwrite(2).
Audit File
A file that stores audit records in binary format.
Audit Process Identifier (PID) Information Record (PIR)
An audit record written into the audit trail once for each process, containing information that remains constant throughout the lifetime of the process.
Audit Tag
An audit session ID that uniquely identifies (or tags) all audit records generated for a particular login session.
Audit Trail
All pieces of audit files that together store audit records in chronological order and provide a complete information trail for display or analysis.
On
Base Event
A particular system operation that is audited and
Event Category
A set of base events that affect a particular aspect of the system (for example, the creation of an object, such as a file, directory, special device file, or IPC object).
Filtering
Any one of the following types of audit filtering:
System call
System call