Appendix D. AIX Audit Events

Table of Contents

Audit-Specific Events
Volume Server Events
Backup Server Events
Protection Server Events
Authentication Events
File Server and Cache Manager Interface Events
BOS Server Events
Volume Location Server Events

This Appendix provides a complete listing of the AFS events that can be audited on AIX file server machines. See Chapter Monitoring and Auditing AFS Performance for instructions on auditing AFS events on AIX file server machines.


Below is a list of the AFS events contained in the file /afs/usr/local/audit/events.sample. Each entry contains information on the event class, the name of the event, the parameters associated with the event, and a description of the event.

Most events have an associated error code that shows the outcome of the event (since each event is recorded after it occurs), an AFSName (the authentication identify of the requesting process), and a host ID (from which the request originated). Many events follow the RPC server entry calls defined in the AFS Programmer's Reference Manual.

Events are classed by functionality (this is AIX specific). Some events possibly fall into one of more of the following classes which are defined by the file /usr/afs/local/config.sample:

  • A (afsauthent): Authentication and Identification Events

  • S (afssecurity): Security Events

  • P (afsprivilege): Privilege Required Events

  • O (afsobjects): Object Creation and Deletion Events

  • M (afsattributes): Attribute modification

  • C (afsprocess): Process Control Events