Lines Matching +full:stream +full:- +full:match +full:- +full:mask

30 .Nd "pseudo-device for live audit event tracking"
39 provide a reliable long-term store for audit log information, current log
41 unwieldy for live monitoring applications such as host-based intrusion
47 direct access to live BSM audit data for the purposes of real-time
53 of the audit event stream.
64 Audit pipe devices are blocking by default, but support non-blocking I/O,
77 .Bl -tag -width ".Dv AUDITPIPE_GET_MAXAUDITDATA"
97 process which may not match the interests of the user process.
104 matched by the system-wide audit trail, configured by
107 alternative criteria, including pipe-local flags and naflags settings, as
108 well as auid-specific selection masks.
114 .Bl -tag -width ".Dv AUDITPIPE_GET_PRESELECT_MODE"
126 .Bl -tag -width ".Dv AUDITPIPE_PRESELECT_MODE_TRAIL"
133 as well as a set of per-auid masks.
146 .Bl -tag -width ".Dv AUDITPIPE_GET_PRESELECT_NAFLAGS"
166 Retrieve the current default preselection flags for non-attributable events
175 Set the current default preselection flags for non-attributable events on the
191 the mask will be returned via
201 field to hold the desired preselection mask.
203 Delete the current preselection mask for a specific auid on the pipe.
205 flags mask.
239 stream format were defined by Sun Microsystems.
243 manual page for information on audit-related bugs and limitations.
249 The per-pipe audit event queue is fifo, with drops occurring if either the