A.11 Audit Service Management Events

Audit services have traditionally been classified by themselves because auditing represents a lower level activity than the security events which themselves are being audited. By classifying audit events separately, an entire category of endless-loop defects can be avoided. Developers instrumenting applications will probably never need to report these events, as they are generally reported by systems like OpenXDAS itself. However, they are documented here for the sake of completeness.

Table A-11 Audit Service Management Event Taxonomy

Event Name

Event Identifier

Corresponding eDir Event



Configure Audit Service

Configure audit service

Configuration data has been changed for an audit subsystem. OpenXDAS reports this event when a SIGHUP is received, indicating that the xdasd configuration file has been modified and should be re-read.

Audit Data Store Full

Audit datastore is full

This event is reported by OpenXDAS when an audit log is full, and can no longer accept additional audit records. Where possible, space is reserved for this event, in case it must be reported.

Audit Data Store Corrupted

Audit datastore is corrupted

This event is reported by OpenXDAS when the data store reports that an audit log has been corrupted. Generally, this condition is not detected unless a request is made to read an audit stream, and the audit log reports that it cannot be read due to corruption.