Lines Matching +full:security +full:- +full:events

30 .Nd "pseudo-device for live audit event tracking"
39 provide a reliable long-term store for audit log information, current log
41 unwieldy for live monitoring applications such as host-based intrusion
47 direct access to live BSM audit data for the purposes of real-time
64 Audit pipe devices are blocking by default, but support non-blocking I/O,
77 .Bl -tag -width ".Dv AUDITPIPE_GET_MAXAUDITDATA"
104 matched by the system-wide audit trail, configured by
107 alternative criteria, including pipe-local flags and naflags settings, as
108 well as auid-specific selection masks.
109 This allows applications to track events not captured in the global audit
114 .Bl -tag -width ".Dv AUDITPIPE_GET_PRESELECT_MODE"
126 .Bl -tag -width ".Dv AUDITPIPE_PRESELECT_MODE_TRAIL"
133 as well as a set of per-auid masks.
146 .Bl -tag -width ".Dv AUDITPIPE_GET_PRESELECT_NAFLAGS"
148 Retrieve the current default preselection flags for attributable events on
157 Set the current default preselection flags for attributable events on the
166 Retrieve the current default preselection flags for non-attributable events
175 Set the current default preselection flags for non-attributable events on the
204 Once called, events associated with the specified auid will use the default
227 The OpenBSM implementation was created by McAfee Research, the security
238 The Basic Security Module (BSM) interface to audit records and audit event
243 manual page for information on audit-related bugs and limitations.
249 The per-pipe audit event queue is fifo, with drops occurring if either the