Network auditing
Network auditing is provided by TCP/IP, using the audit subsystem to audit application programs.
The purpose of auditing is to record those actions that affect the security of the system and the user responsible for those actions.
The following application events are audited:
- Access the network
- Connection
- Export data
- Import data
Creation and deletion of objects are audited by the operating system. Application audit records suspend and resume auditing to avoid redundant auditing by the kernel.