Lines Matching +full:stream +full:- +full:mode +full:- +full:support

30 .Nd "pseudo-device for live audit event tracking"
39 provide a reliable long-term store for audit log information, current log
41 unwieldy for live monitoring applications such as host-based intrusion
47 direct access to live BSM audit data for the purposes of real-time
53 of the audit event stream.
64 Audit pipe devices are blocking by default, but support non-blocking I/O,
77 .Bl -tag -width ".Dv AUDITPIPE_GET_MAXAUDITDATA"
102 .Ss Audit Pipe Preselection Mode Ioctls
104 matched by the system-wide audit trail, configured by
107 alternative criteria, including pipe-local flags and naflags settings, as
108 well as auid-specific selection masks.
113 The following ioctls configure the preselection mode on an audit pipe:
114 .Bl -tag -width ".Dv AUDITPIPE_GET_PRESELECT_MODE"
116 Return the current preselect mode on the audit pipe.
120 Set the current preselection mode on the audit pipe.
125 Possible preselection mode values are:
126 .Bl -tag -width ".Dv AUDITPIPE_PRESELECT_MODE_TRAIL"
133 as well as a set of per-auid masks.
137 After changing the audit pipe preselection mode, records selected under
141 .Ss Audit Pipe Local Preselection Mode Ioctls
145 preselection mode.
146 .Bl -tag -width ".Dv AUDITPIPE_GET_PRESELECT_NAFLAGS"
166 Retrieve the current default preselection flags for non-attributable events
175 Set the current default preselection flags for non-attributable events on the
232 Support for kernel audit first appeared in
239 stream format were defined by Sun Microsystems.
243 manual page for information on audit-related bugs and limitations.
249 The per-pipe audit event queue is fifo, with drops occurring if either the
252 It might be desirable to support partial reads of records, which would be