audtrail(1m)
NAME
audtrail - A dcecp object that converts the audit trail into a readable
format
SYNOPSIS
audtrail help [operation | -verbose]
audtrail operations
audtrail show audit_trail_file_name_list [-to filename]
ARGUMENTS
audit_trail_file_name_list
    A list of one or more names of audit trail files. The names are not
    the full pathnames, but only the residual file name.
operation
    The name of the audtrail operation for which to display help
    information.
DESCRIPTION
The audtrail object represents an audit trail file. This command
currently supports only one operation, which converts the audit trail
into a human-readable format.
OPERATIONS
audtrail help
Returns help information about the audtrail object and its operations.
The syntax is as follows:
    audtrail help [operation | -verbose]
Options
-verbose
    Displays information about the audtrail object.
Used without an argument or option, the audtrail help command returns
brief information about each audtrail operation. The optional operation
argument is the name of an operation about which you want detailed
information. Alternatively, you can use the -verbose option for more
detailed information about the audtrail object itself.
Privileges Required
No special privileges are needed to use the audtrail help command.
Examples
    dcecp> audtrail help
    show                Returns or files the contents of an audit trail file.
    help                Prints a summary of command-line options.
    operations          Returns a list of the valid operations for this command.
    dcecp>
audtrail operations
Returns a list of the operations supported by the audtrail object. The
syntax is as follows:
    audtrail operations
The list of available operations is in alphabetical order except for
help and operations, which are listed last.
Privileges Required
No special privileges are needed to use the audtrail operations
command.
Examples
    dcecp> audtrail operations
    show help operations
    dcecp>
audtrail show
Returns the audit trail in a readable format. The syntax is as follows:
    audtrail show audit_trail_file_name_list [-to filename]
Options
-to filename
    Specifies the name of the file in which to store the audit trail
    output.
The show operation returns the audit trail in a readable format. This
command takes as an argument a list of names of audit trail files. If
more than one name is given, the output of each audit trail is
concatenated and a blank line is inserted between audit trails. The -to
option specifies a destination filename for the trail. If this option is
not present, the trail is returned from the command. If the option is
present, this operation returns an empty string.
Because audit trail files can grow quite large, using the -to switch is
strongly recommended to avoid reading the entire trail into memory.
Note that when dcecp processes output, it sends the entire set of
returned information to an internal buffer before displaying it.
Therefore, when the output is directed to the screen, it can take a
long time to appear.
Privileges Required
You must have r (read) permission on the audit trail file on the local
file system.
Examples
    dcecp> audtrail show my_trail
    --- Start of an event record ---
    Event Number: 259
    Client: /.../stp.gburg.ibm.com/hosts/drinkernisti/self
    Event Outcome: success
    Authorization Status: Authorized with a pac
    Local Time: 1993-12-19-19:02:27.037-05:00I-----
    --- End of an event record ---
    .
    .
    .
    --- Start of an event record ---
    Event Number: 266
    Client: /.../stp.gburg.ibm.com/hosts/drinkernisti/self
    Event Outcome: success
    Authorization Status: Authorized with a pac
    Local Time: 1993-12-19-19:02:28.819-05:00I-----
    --- End of an event record ---
    dcecp>
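The following parser for the readable output shown above is an added example, not part of the DCE documentation or tooling. It assumes each field is printed on its own line as "Name: value" between the start and end markers; the function names parse_trail and non_success are hypothetical, and records 300 and 301 in the sample are constructed.

```python
START = "--- Start of an event record ---"
END = "--- End of an event record ---"
# Constructed input: record 259 follows the man page's example; record 300
# (non-success outcome) and the cut-off record 301 are invented for the demo.
SAMPLE = """\
--- Start of an event record ---
Event Number: 259
Client: /.../stp.gburg.ibm.com/hosts/drinkernisti/self
Event Outcome: success
Authorization Status: Authorized with a pac
Local Time: 1993-12-19-19:02:27.037-05:00I-----
--- End of an event record ---

--- Start of an event record ---
Event Number: 300
Client: /.../example.cell/hosts/constructed/self
Event Outcome: failure
--- End of an event record ---
--- Start of an event record ---
Event Number: 301
"""

def parse_trail(text):
    """Return (records, incomplete) parsed from audtrail show output."""
    records, incomplete, current = [], 0, None
    for line in text.splitlines():
        line = line.strip()
        if line == START:
            if current is not None:      # previous record was never closed
                incomplete += 1
            current = {}
        elif line == END:
            if current is not None:
                records.append(current)
            current = None
        elif current is not None and ":" in line:
            # Split on the first colon only: timestamps contain colons too.
            key, _, value = line.partition(":")
            current[key.strip()] = value.strip()
    if current is not None:              # output ended inside a record
        incomplete += 1
    return records, incomplete

def non_success(records):
    """Records whose Event Outcome is anything other than success."""
    return [r for r in records if r.get("Event Outcome", "").lower() != "success"]

if __name__ == "__main__":
    recs, cut = parse_trail(SAMPLE)
    print(len(recs), "records,", cut, "incomplete,", non_success(recs))
```

A nonzero incomplete count means the output was cut off inside a record, which is worth checking before relying on the parsed events.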
RELATED INFORMATION
Commands: auditd(1m), dcecp(1m), dcecp_aud(1m), dcecp_audevents(1m),
dcecp_audfilter(1m).
Files: aud_audit_events(5), dts_audit_events(5), event_class(5),
sec_audit_events(5).