audit_hpux_raw.5 (2010 09)
a
audit_hpux_raw(5) audit_hpux_raw(5)
NAME
audit_hpux_raw - Audit DPMS service module for managing HP-UX raw audit data
SYNOPSIS
/usr/lib/security/$ISA/libaudit_hpux_raw.so
/usr/lib/security/$ISA/libaudit_hpux_raw.sl
DESCRIPTION
The raw DPMS service module reads binary raw audit data that the HP-UX auditing system collects (see
audit (5)). The current release of this module supports HP-UX raw audit data collected on HP-UX 11iv3
and all future releases.
Applications call the Audit DPMS switch interfaces described in audit_dpms_api(3). The switch then
dynamically loads and calls the corresponding interfaces in this module, in the case where the application
selects the raw DPMS module.
See audit_dpms_spi(3) for a description of the interfaces supported by DPMS service modules. The raw
service module provides the following interfaces:
audit_dpm_start()
audit_dpm_end()
audit_dpm_read_event()
It returns AUDIT_DPMS_UNSUPPORTED
from audit_dpm_write_event().
Options
In addition to the options that are described in audit_dpms_api(3), the following options are also sup-
ported.
follow Do not terminate when the last event has been read; wait for and read data as it
becomes available.
no_dns Do not attempt to contact the Internet domain name server (DNS) to resolve Inter-
net Addresses to host names. Host name resolution can be very time consuming, so
use this option if you desire to skip this step for better performance.
Raw Data Format
See audit (4) for a brief overview of the raw audit data format. The exact format of the raw audit data is
subject to change from release to release. HP does not recommend application developers to parse the
binary raw audit data directly, but to use the Audit DPMS APIs (covered in audit_dpms_api(3)) to access
the data.
SEE ALSO
auditdp(1M), audit_dpms_api(3), audit_dpms_spi(3), audit_dpms(5).
HP-UX 11i Version 3: September 2010 − 1 − Hewlett-Packard Company 1