Displaying information from the audit log
The auditrpt command allows the administrator
to display either the entire contents of a log file or selected portions of it.
In addition, audit information can be retrieved from
either the current log file or one or more previous
log files.
If no options or arguments are specified, the entire current
audit event log file will be displayed in the order in which events
were recorded.
Auditing must be enabled to view a current log file.
Selected portions of an audit event log file may be displayed based
on one or more of the following criteria:
- event type (-e option)
- user id (-u option)
- object id (-f option)
- object type (-t option)
- time interval (-s and/or -h options)
- event status: failure or success (-a option)
- privileges used (-p option)
- miscellaneous event subtype (-v option)
- LWP ID (-x option)
Additionally, the -i option may be used to specify that the log file is to be
taken from standard input.
To further assist the administrator, the auditrpt command has the ability to:
- display the audit records in reverse chronological order (-b option)
- display audit records as they are being written to the audit event log file (-w option)
- specify a directory containing the audit map files (-m option)
© 2005 The SCO Group, Inc. All rights reserved.
SCO OpenServer Release 6.0.0 -- 03 June 2005