
audprint(1M)             DG/UX B2 Security R4.12MU02            audprint(1M)


NAME
       audprint - print audit trails in human-readable format

SYNOPSIS
       audprint [trailfile]

   where:
       trailfile  The name of a file containing audit records

DESCRIPTION
       Audprint prints an audit trail in human-readable format.  If
       trailfile is not given on the command line, standard input is used.

       In addition to audit records, trail header records and trail tail
       records are printed, if present.  The trail header record includes
       the time the trail was started and the name of the previous trail
       file, if known.  The trail tail record contains the time the trail
       file ended and the name of the next trail file, if known.  One trail
       file may contain more than one pair of trail header/tail records
       because trail records are generated each time auditing is stopped or
       started as well as each time auditing is switched to a new file.

       Audit records vary in content.  All audit records begin with values
       for authid (authentication id), class, event type, reason, errno, pid
       (process ID), and time of event.  The remainder of the record content
       depends on the event type and reason.

       If audprint encounters an incomplete record at the end of the file,
       it will print an appropriate error message.  The kernel audit
       subsystem writes audit records out in buffers of 8K bytes.  Thus, it
       will generally be the case that a specific audit record will span
       buffers.  If the system terminates abnormally while auditing is
       active, or if audprint is run against the current audit trail, it is
       to be expected that the end of the buffer will contain an incomplete
       audit record.  In cases where the current audit trail is being
       processed on a very active system, there is little that can be done
       to prevent the trailing incomplete message.  However, on a relatively
       quiescent system, the current partial kernel audit buffer can be
       forced out to the audit trail with the command audadmin -o flush.

EXAMPLES
       audprint /audit/trails/t911001
       audselect -s selectionfile trail1 | audprint

       The first command prints the contents of /audit/trails/t911001.  The
       second command prints the records selected by audselect(1M).
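
       The flush-then-print procedure from the DESCRIPTION, as an added
       shell example (not part of the original manual page).  It uses only
       audprint and audadmin -o flush as documented here; the function name
       export_trails, the output directory and the .txt/.err suffixes are
       assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the DG/UX manual: export audit trails to text
# for review.  Only "audprint trailfile" and "audadmin -o flush" are taken
# from this page; every other name here is an assumption of the example.

# export_trails OUTDIR CURRENT_TRAIL [TRAILFILE ...]
#   Prints each closed TRAILFILE, then CURRENT_TRAIL, into OUTDIR.
#   Pass "" as CURRENT_TRAIL when no active trail is being exported.
#   Returns 0 only if every audprint run exited 0.
export_trails() {
    outdir=$1; current=$2; shift 2
    failed=0
    mkdir -p "$outdir" || return 1

    for trail in "$@" "$current"; do
        [ -n "$trail" ] || continue
        name=$(basename "$trail")

        if [ "$trail" = "$current" ]; then
            # Force the partial kernel audit buffer out to the trail so the
            # current file is less likely to end in an incomplete record.
            # On a very active system a trailing incomplete record can
            # still appear.
            audadmin -o flush || echo "flush failed before $trail" >&2
        fi

        # The page does not say which stream carries the incomplete-record
        # message, so stdout and stderr are both kept, in separate files.
        if audprint "$trail" >"$outdir/$name.txt" 2>"$outdir/$name.err"; then
            :
        else
            # DIAGNOSTICS: exit status is 0 on success, 1 otherwise.
            failed=$((failed + 1))
            echo "audprint failed: $trail (see $outdir/$name.err)" >&2
        fi
    done

    [ "$failed" -eq 0 ]
}
```

       Closed trails are listed after the current one on the command line
       but printed first, so the flush happens immediately before the
       active trail is read.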

DIAGNOSTICS
       The exit status is 0 if the command was successful, 1 otherwise.

SEE ALSO
       audadmin(1M), audselect(1M).


Licensed material--property of copyright holder(s)

Typewritten Software • bear@typewritten.org • Edmonds, WA 98026