audit_hpux_portable.5 (2010 09)

audit_hpux_portable(5) audit_hpux_portable(5)

NAME

audit_hpux_portable - Audit DPMS service module for managing portable format audit data

SYNOPSIS

/usr/lib/security/$ISA/libaudit_hpux_portable.so

/usr/lib/security/$ISA/libaudit_hpux_portable.sl

DESCRIPTION

The portable DPMS service module reads and writes audit data in portable format. Portable format audit

data can be ported from system to system and is the recommended format for retention purposes.

Applications call the Audit DPMS switch interfaces described in audit_dpms_api(3). If the application

selects the portable DPMS module, the switch dynamically loads and calls the corresponding interfaces in

this module.

See audit_dpms_spi(3) for a description of the interfaces supported by DPMS service modules. The port-

able service module provides the following interfaces:

audit_dpm_start()

audit_dpm_end()

audit_dpm_read_event()

audit_dpm_write_event()

Options

In addition to the options that are described in audit_dpms_api(3), the following options are also sup-

ported.

follow Do not terminate when the last line of input data has been read; wait for and read data

as it becomes available.

sync When writing audit data, ﬂush output after each event. For information about ﬂush, see

fflush() in fclose (3s).

Portable Data Format

Data in a portable audit log consists of a series of events. Each event consists of one or more lines. Each

line consists of a token, followed by a number of ﬁelds separated by

#. Each line is terminated with a

new line character. The ﬁrst line of an event begins with an EVENT token. Events are terminated by a

";" token. In addition to events, the ﬁrst line of the portable audit log typically provides version and sys-

tem information.

In the following example there is one line of version information, followed by two events.

VERSION#v1.0#2#17.125.10.22#berlin.cup.hp.com

EVENT#field1#field2#field3#etc

token#field1#field2#field3#etc

;

EVENT#field1#field2#field3#etc

token#field1#field2#field3#etc

;

Some special characters in the ﬁelds are stored as a sequence of four characters, representing the ASCII

octal value of the character. For example, a # character in a ﬁeld is represented as \043.

AUTHOR

audit_hpux_portable was developed by the Hewlett-Packard Company.

PAGE 1
audit_hpux_portable(5) audit_hpux_portable(5) NAME audit_hpux_portable - Audit DPMS service module for managing portable format audit data SYNOPSIS /usr/lib/security/$ISA/libaudit_hpux_portable.so /usr/lib/security/$ISA/libaudit_hpux_portable.sl DESCRIPTION The portable DPMS service module reads and writes audit data in portable format. Portable format audit data can be ported from system to system and is the recommended format for retention purposes.
PAGE 2
(Notes) A (Notes) aA 2 Hewlett-Packard Company −1− HP-UX 11i Version 3: September 2010