Auditing system overview
This section describes the HP-UX Auditing System architecture and provides a high-level description of the major HP-UX Auditing System components. For a complete introduction and overview of HP-UX Auditing System, see audit(5).
Architecture
Figure 1 shows the main user-space and kernel-space components of the HP-UX Auditing System on HP-UX 11i v2 and 11i v3. Components that are only available on HP-UX 11i v3 are labeled.
Figure 1. HP-UX Auditing System Architecture
HP-UX Auditing System consists of commands, daemons, configuration files, data files, libraries, kernel modules, and system calls. The following HP-UX Auditing System components are standard on HP-UX 11i v2 and 11i v3.
Commands
•audsys(1M) — Starts and halts the auditing system, sets and displays the auditing system status information, and specifies the primary and secondary audit trails and their size switches.
•audevent(1M) — Changes and displays the auditing selection status of profiles, events, and system calls.