diff options
author | rwatson <rwatson@FreeBSD.org> | 2006-08-26 08:04:15 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2006-08-26 08:04:15 +0000 |
commit | 3dabba580bd939eae90efba54984d0c4de64eb3e (patch) | |
tree | 9d401b2c636de718f11aeab3de77ee3078b8e5b6 /contrib/openbsm/man | |
parent | 02d6c5b525eb33f2cb80e79944dc5182be119e2c (diff) | |
download | FreeBSD-src-3dabba580bd939eae90efba54984d0c4de64eb3e.zip FreeBSD-src-3dabba580bd939eae90efba54984d0c4de64eb3e.tar.gz |
Vendor import of OpenBSM 1.0 alpha 9, with the following change history
notes since the last import:
OpenBSM 1.0 alpha 9
- Rename many OpenBSM-specific constants and API elements containing the
strings "BSM" and "bsm" to "AUDIT" and "audit", observing that this is true
for almost all existing constants and APIs.
- Instead of passing a per-instance cookie directly into all audit filter
APIs, pass in the audit filter daemon state pointer, which is then used by
the module using an audit_filter_{get,set}cookie() API. This will allow
future service APIs provided by the filter daemon to maintain their own
state -- for example, per-module preselection state.
OpenBSM 1.0 alpha 8
- Correct typo in definition of AUR_INT.
- Adopt OpenSolaris constant values for AUDIT_* configuration flags.
- Arguments to au_to_exec_args() and au_to_exec_env() no longer const.
- Add kernel versions of au_to_exec_args() and au_to_exec_env().
- Fix exec argument type that is printed for env strings from 'arg' to 'env'.
- New OpenBSM token version number assigned, constants added for other
commonly seen version numbers.
- OpenBSM-specific events assigned numbers in the 43xxx range to avoid future
collisions with Solaris. Darwin events renamed to AUE_DARWIN_foo, as they
are now deprecated numberings.
- autoconf now detects clock_gettime(), which is not available on Darwin.
- praudit output fixes relating to arg32 and arg64 tokens.
- Maximum record size updated to 64k-1 to match Solaris record size limit.
- Various style and comment cleanups in include files.
This is an MFC candidate to RELENG_6.
Obtained from: TrustedBSD Project
Diffstat (limited to 'contrib/openbsm/man')
-rw-r--r-- | contrib/openbsm/man/audit.log.5 | 32 |
1 files changed, 19 insertions, 13 deletions
diff --git a/contrib/openbsm/man/audit.log.5 b/contrib/openbsm/man/audit.log.5 index b53b1fc..f6e28ab 100644 --- a/contrib/openbsm/man/audit.log.5 +++ b/contrib/openbsm/man/audit.log.5 @@ -1,5 +1,5 @@ .\"- -.\" Copyright (c) 2005 Robert N. M. Watson +.\" Copyright (c) 2005-2006 Robert N. M. Watson .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without @@ -23,7 +23,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit.log.5#9 $ +.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit.log.5#10 $ .\" .Dd May 1, 2005 .Dt AUDIT.LOG 5 @@ -91,10 +91,14 @@ The token is used to mark the beginning of a complete audit record, and includes the length of the total record in bytes, a version number for the record layout, the event type and subtype, and the time at which the event occurred. -A +A 32-bit +.Dv header +token can be created using +.Xr au_to_header32 3 ; +a 64-bit .Dv header token can be created using -.Xr au_to_header32 3 . +.Xr au_to_header64 3 . .Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description" .It Sy "Field" Ta Sy Bytes Ta Sy Description .It Li "Token ID" Ta "1 byte" Ta "Token ID" @@ -111,11 +115,14 @@ The token is an expanded version of the .Dv header token, with the addition of a machine IPv4 or IPv6 address. -The -.Xr libbsm 3 -API cannot currently create an -.Dv expanded header -token. +A 32-bit extended +.Dv header +token can be created using +.Xr au_to_header32_ex 3 ; +a 64-bit extended +.Dv header +token can be created using +.Xr au_to_header64_ex 3 . .Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description" .It Sy "Field" Ta Sy Bytes Ta Sy Description .It Li "Token ID" Ta "1 byte" Ta "Token ID" @@ -154,11 +161,10 @@ A .Dv How to print field is present to specify how to print the data, but interpretation of that field is not currently defined. -The -.Xr libbsm 3 -API cannot currently create an +An .Dv arbitrary data -token. +token can be created using +.Xr au_to_data 3 . .Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description" .It Sy "Field" Ta Sy Bytes Ta Sy Description .It Li "Token ID" Ta "1 byte" Ta "Token ID" |