praudit man page on SmartOS

praudit man page on SmartOS

Man page or keyword search:
man Server 16655 pages
apropos Keyword Search (all sections)
Output format

PRAUDIT(1M) PRAUDIT(1M)

NAME
praudit - print contents of an audit trail file

SYNOPSIS
praudit [-lrsx] [-ddel] [filename]...

DESCRIPTION
praudit reads the listed filenames (or standard input, if no filename
is specified) and interprets the data as audit trail records as defined
in audit.log(4). By default, times, user and group IDs (UIDs and GIDs,
respectively) are converted to their ASCII representation. Record type
and event fields are converted to their ASCII representation. A maximum
of 100 audit files can be specified on the command line.

OPTIONS
The following options are supported:

-ddel

Use del as the field delimiter instead of the default delimiter,
which is the comma. If del has special meaning for the shell, it
must be quoted. The maximum size of a delimiter is three charac‐
ters. The delimiter is not meaningful and is not used when the -x
option is specified.

-l

Print one line per record.

-r

Print records in their raw form. Times, UIDs, GIDs, record types,
and events are displayed as integers. This option is useful when
naming services are offline. The -r option and the -s option are
exclusive. If both are used, a format usage error message is out‐
put.

-s

Display records in their short form. Numeric fields' ASCII equiva‐
lents are looked up by means of the sources specified in the
/etc/nsswitch.conf file (see nsswitch.conf(4)). All numeric fields
are converted to ASCII and then displayed. The short ASCII repre‐
sentations for the record type and event fields are used. This
option and the -r option are exclusive. If both are used, a format
usage error message is output.

-x

Print records in XML form. Tags are included in the output to iden‐
tify tokens and fields within tokens. Output begins with a valid
XML prolog, which includes identification of the DTD which can be
used to parse the XML.

FILES
/etc/security/audit_event

Audit event definition and class mappings.

/etc/security/audit_class

Audit class definitions.

/usr/share/lib/xml/dtd

Directory containing the verisioned DTD file referenced in XML out‐
put, for example, adt_record.dtd.1.

/usr/share/lib/xml/style

Directory containing the versioned XSL file referenced in XML out‐
put, for example, adt_record.xsl.1.

ATTRIBUTES
See attributes(5) for descriptions of the following attributes:

┌────────────────────┬─────────────────┐
│ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
├────────────────────┼─────────────────┤
│Interface Stability │ See below │
└────────────────────┴─────────────────┘

The command stability is evolving. The output format is unstable.

SEE ALSO
bsmconv(1M), getent(1M), audit(2), getauditflags(3BSM), getpwuid(3C),
gethostbyaddr(3NSL), ethers(3SOCKET), getipnodebyaddr(3SOCKET),
audit.log(4), audit_class(4), audit_event(4), group(4), nss‐
witch.conf(4), passwd(4), attributes(5)

See the section on Solaris Auditing in System Administration Guide:
Security Services.

NOTES
This functionality is available only if the Solaris Auditing feature
has been enabled. See bsmconv(1M) for more information.

Jul 26, 2009 PRAUDIT(1M)

[top]

List of man pages available for SmartOS

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]

Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................

Vote for polarhome