summaryrefslogtreecommitdiffstats
path: root/contrib/openbsm/man/audit.log.5
diff options
context:
space:
mode:
Diffstat (limited to 'contrib/openbsm/man/audit.log.5')
-rw-r--r--contrib/openbsm/man/audit.log.576
1 files changed, 36 insertions, 40 deletions
diff --git a/contrib/openbsm/man/audit.log.5 b/contrib/openbsm/man/audit.log.5
index d0f85ff..dac0067 100644
--- a/contrib/openbsm/man/audit.log.5
+++ b/contrib/openbsm/man/audit.log.5
@@ -23,7 +23,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit.log.5#16 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit.log.5#19 $
.\"
.Dd November 5, 2006
.Dt AUDIT.LOG 5
@@ -176,29 +176,27 @@ token can be created using
.Ss in_addr Token
The
.Dq in_addr
-token holds a network byte order IPv4 or IPv6 address.
+token holds a network byte order IPv4 address.
An
.Dq in_addr
token can be created using
.Xr au_to_in_addr 3
-for an IPv4 address, or
-.Xr au_to_in_addr_ex 3
-for an IPv6 address.
-.Pp
-See the
-.Sx BUGS
-section for information on the storage of this token.
+for an IPv4 address.
.Pp
.Bl -column -offset 3n ".No Terminal Address Type/Length" ".No N bytes + 1 NUL"
.It Sy "Field Bytes Description"
.It "Token ID 1 byte Token ID"
-.It "IP Address Type 1 byte Type of address"
-.It "IP Address 4/16 bytes IPv4 or IPv6 address"
+.It "IP Address 4 bytes IPv4 address"
.El
.Ss Expanded in_addr Token
The
-.Dq expanded in_addr
-token ...
+.Dq in_addr_ex
+token holds a network byte order IPv4 or IPv6 address.
+An
+.Dq in_addr_ex
+token can be created using
+.Xr au_to_in_addr_ex 3
+for an IPv6 address.
.Pp
See the
.Sx BUGS
@@ -206,7 +204,8 @@ section for information on the storage of this token.
.Bl -column -offset 3n ".No Terminal Address Type/Length" ".No N bytes + 1 NUL"
.It Sy "Field Bytes Description"
.It "Token ID 1 byte Token ID"
-.It XXXX
+.It "IP Address Type 1 byte Type of address"
+.It "IP Address 4/16 bytes IPv4 or IPv6 address"
.El
.Ss ip Token
The
@@ -230,15 +229,6 @@ token can be created using
.It "Source Address 4 bytes IPv4 source address"
.It "Destination Address 4 bytes IPv4 destination address"
.El
-.Ss Expanded ip Token
-The
-.Dq expanded ip
-token ...
-.Bl -column -offset 3n ".No Terminal Address Type/Length" ".No N bytes + 1 NUL"
-.It Sy "Field Bytes Description"
-.It "Token ID 1 byte Token ID"
-.It XXXX
-.El
.Ss iport Token
The
.Dq iport
@@ -556,13 +546,14 @@ token can be created using
.Ss Socket Token
The
.Dq socket
-token contains informations about UNIX domain and Internet sockets.
+token contains information about UNIX domain and Internet sockets.
Each token has four or eight fields.
-Depend on type of socket a socket token may be created using
+Depending on the type of socket, a socket token may be created using
.Xr au_to_sock_unix 3 ,
-.Xr au_to_sock_inet32 3 or
+.Xr au_to_sock_inet32 3
+or
.Xr au_to_sock_inet128 3 .
-.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
+.Bl -column -offset 3n ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
.It Sy "Field" Ta Sy Bytes Ta Sy Description
.It Li "Token ID" Ta "1 byte" Ta "Token ID"
.It Li "Socket family" Ta "2 bytes" Ta "Socket family"
@@ -572,18 +563,18 @@ Depend on type of socket a socket token may be created using
.Bl -column -offset 3n ".No Terminal Address Type/Length" ".No N bytes + 1 NUL"
.It Sy "Field Bytes Description"
.It "Token ID 1 byte Token ID"
-+.It Li "Socket domain" Ta "4 bytes" Ta "Socket domain"
-+.It Li "Socket family" Ta "2 bytes" Ta "Socket family"
-+.It Li "Address type" Ta "1 byte" Ta "Address type (IPv4/IPv6)"
-+.It Li "Local port" Ta "2 bytes" Ta "Local port"
-+.It Li "Local IP address" Ta "4/16 bytes" Ta "Local IP address"
-+.It Li "Remote port" Ta "2 bytes" Ta "Remote port"
-+.It Li "Remote IP address" Ta "4/16 bytes" Ta "Remote IP address"
+.It Li "Socket domain" Ta "4 bytes" Ta "Socket domain"
+.It Li "Socket family" Ta "2 bytes" Ta "Socket family"
+.It Li "Address type" Ta "1 byte" Ta "Address type (IPv4/IPv6)"
+.It Li "Local port" Ta "2 bytes" Ta "Local port"
+.It Li "Local IP address" Ta "4/16 bytes" Ta "Local IP address"
+.It Li "Remote port" Ta "2 bytes" Ta "Remote port"
+.It Li "Remote IP address" Ta "4/16 bytes" Ta "Remote IP address"
.El
.Ss Expanded Socket Token
The
.Dq expanded socket
-token ...
+token contains information about IPv4 and IPv6 sockets.
.Bl -column -offset 3n ".No Terminal Address Type/Length" ".No N bytes + 1 NUL"
.It Sy "Field Bytes Description"
.It "Token ID 1 byte Token ID"
@@ -639,11 +630,18 @@ token ...
.Ss Zonename Token
The
.Dq zonename
-token ...
+token holds a NUL-terminated string with the name of the zone or jail from
+which the record originated.
+A
+.Dz zonename
+token can be created using
+.Xr au_to_zonename 3 .
+.Pp
.Bl -column -offset 3n ".No Terminal Address Type/Length" ".No N bytes + 1 NUL"
.It Sy "Field Bytes Description"
.It "Token ID 1 byte Token ID"
-.It XXXXX
+.It "Zonename length 2 bytes Length of zonename string including NUL"
+.It "Zonename N bytes + 1 NUL Zonename string including NUL"
.El
.Sh SEE ALSO
.Xr auditreduce 1 ,
@@ -676,7 +674,5 @@ and
.Dq in_addr_ex
token layout documented here appears to be in conflict with the
.Xr libbsm 3
-implementations of
-.Xr au_to_in_addr 3
-and
+implementation of
.Xr au_to_in_addr_ex 3 .
OpenPOWER on IntegriCloud