3.10.2 Understanding Audit Terms

Table 3-24 lists terms related to the XSCF audit settings.
Table 3-24 Audit-related Terms

| Term | Description |
|---|---|
| Audit | Audit is the function of auditing system access. It is also referred to as auditing. |
| Audit event | An audit event is a security-related system action that can be audited. Multiple audit events can be specified by numeric value or name (e.g., AEV_LOGIN_SSH, LOGIN_SSH, 0, and all). |
| Audit class | An audit class is a group of relevant audit events (e.g., audit events of login audit class: SSH login, Telnet login, HTTPS login, and logout). Multiple audit classes can be specified (e.g., CS_AUDIT, AUDIT, 2, and all). |
| Audit record | One audit record is information identifying one audit event. That includes event, event time, and other relevant information. Audit records are stored in an audit file. |
| Audit log | An audit log is the set of log files that stores multiple audit records. An audit log has two areas: primary and secondary. |
| Audit trail | An audit trail is also referred to as an audit log. Users use the viewaudit command to analyze the content of each audit record in an audit log. |
| Audit policy | The policy sets the type of audit records to be generated by specifying an audit event, audit class, or user. It also specifies other settings, such as e-mail notification settings used when an audit log reaches full capacity. |
| Audit token | An audit token is one field of an audit record. The audit token has a description of an audit event attribute, such as the user or privilege. |