3.10.2 Understanding Audit Terms
Table 3-24 lists terms related to the XSCF audit settings.
Term | Description |
---|---|
Audit | Audit is the function of auditing system access. It is also referred to as auditing. |
Audit event | An audit event is a security-related system action that can be audited. Multiple audit events can be specified by numeric value or name. (e.g., AEV_LOGIN_SSH, LOGIN_SSH, 0, and all) |
Audit class | An audit class is a group of related audit events. (e.g., audit events of the login audit class: SSH login, Telnet login, HTTPS login, and logout) Multiple audit classes can be specified. (e.g., CS_AUDIT, AUDIT, 2, and all) |
Audit record | An audit record is the information identifying one audit event. It includes the event, the event time, and other relevant information. Audit records are stored in an audit file. |
Audit log | An audit log consists of the log files that store multiple audit records. An audit log has two areas: primary and secondary. |
Audit trail | An audit trail is also referred to as an audit log. Users use the viewaudit command to analyze the content of each audit record in an audit log. |
Audit policy | The policy sets the type of audit records to be generated by specifying an audit event, audit class, or user. It also specifies other settings, such as e-mail notification settings used when an audit log reaches full capacity. |
Audit token | An audit token is one field of an audit record. The audit token has a description of an audit event attribute, such as the user or privilege. |