|
System Administration Commands | praudit(1M) |
| praudit - print contents of an audit trail file |
SYNOPSIS
| praudit [-lrs] [-ddel] [filename ...] |
|
praudit reads the listed filenames (or standard input, if no filename is specified) and interprets the data as audit trail
records as defined in audit.log(4). By default, times, user
and group IDs (UIDs and GIDs, respectively) are converted to their ASCII representation. Record type and
event fields are converted to their ASCII representation. A maximum of 100 audit files can be specified on the command line.
|
|
- -l
- Prints one line per record. The record type and event fields are always converted to their short ASCII representation as is done for the -s option.
- -r
- Print records in their raw form. Times, UIDs, GIDs, record types, and events
are displayed as integers. This option and the -s option are exclusive. If both are used, a format usage error message is output.
- -s
- Print records in their short form. All numeric fields are converted to ASCII and displayed. The short ASCII representations for the record type and event fields are used. This option and the -r option are exclusive. If both are used, a format usage error message
is output.
- -ddel
- Use del as the field delimiter instead of the default delimiter, which is the comma.
If del has special meaning for the shell, it must be quoted. The maximum size of a delimiter is four characters.
|
|
-
/etc/security/audit_event
-
-
/etc/security/audit_class
-
|
|
See attributes(5) for descriptions of the following
attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE |
Availability | SUNWcsu |
|
|
The functionality described in this man page is available only if the Basic Security Module (BSM) has been enabled. See bsmconv(1M) for more information.
|
| |