Displaying information from the audit log
command allows the administrator
to display either the entire contents of a log file or selected portions of it.
In addition, audit information can be retrieved from
either the current log file or one or more previous
If no options or arguments are specified, the entire current
audit event log file will be displayed in the order in which events
Auditing must be enabled to view a current log file.
Selected portions of an audit event log file may be displayed based
on one or more of the following criteria:
Additionally, the -i option may be used to specify that the log file is to be
taken from standard input.
event type (-e option)
user id (-u option)
object id (-f option)
object type (-t option)
time interval (-s and/or -h options)
event status: failure or success (-a option)
privileges used (-p option)
miscellaneous event subtype (-v option)
LWP ID (-x option)
To further assist the administrator, the
command has the ability to
display the audit records in reverse chronological order (-b option)
display audit records as they are being written to the audit event
log file (-w option)
specify a directory containing the audit map files (-m option)
Combining reporting options
Format of auditrpt output
© 2005 The SCO Group, Inc. All rights reserved.
SCO OpenServer Release 6.0.0 -- 03 June 2005