audtrail(1m) Open Software Foundation audtrail(1m)
NAME [Toc] [Back]
audtrail - A dcecp object that converts the audit trail into a
readable format
SYNOPSIS [Toc] [Back]
audtrail help [operation | -verbose]
audtrail operations
audtrail show audit_trail_file_name_list [-to filename]
ARGUMENTS [Toc] [Back]
audit_trail_file_name_list
A list of one or more names of audit trail files. The names
are not the full pathnames, but only the residual file name.
operation The name of the audtrail operation for which to display help
information.
DESCRIPTION [Toc] [Back]
The audtrail object represents an audit trail file. This command
currently supports only one operation, which converts the audit trail
into a human readable format.
OPERATIONS [Toc] [Back]
audtrail help
Returns help information about the audtrail object and its operations.
The syntax is as follows:
audtrail help [operation | -verbose]
Options [Toc] [Back]
-verbose Displays information about the audtrail object.
Used without an argument or option, the audtrail help command returns
brief information about each audtrail operation. The optional
operation argument is the name of an operation about which you want
detailed information. Alternatively, you can use the -verbose option
for more detailed information about the audtrail object itself.
Privileges Required [Toc] [Back]
No special privileges are needed to use the audtrail help command.
Hewlett-Packard Company - 1 OSF DCE 1.1/HP DCE 1.8 PHSS_26394-96
audtrail(1m) Open Software Foundation audtrail(1m)
Examples [Toc] [Back]
dcecp> audtrail help
show Returns or files the contents of an audit trail file.
help Prints a summary of command-line options.
operations Returns a list of the valid operations for this command.
dcecp>
audtrail operations
Returns a list of the operations supported by the audtrail object. The
syntax is as follows:
audtrail operations
The list of available operations is in alphabetical order except for
help and operations, which are listed last.
Privileges Required [Toc] [Back]
No special privileges are needed to use the audtrail operations
command.
Examples [Toc] [Back]
dcecp> audtrail operations
show help operations
dcecp>
audtrail show
Returns the audit trail in a readable format. The syntax is as
follows:
audtrail show audit_trail_file_name_list [-to filename]
Options [Toc] [Back]
-to filename
Specifies the name of the file in which to store the audit
trail output.
The show operation returns the audit trail in a readable format. This
command takes as an argument a list of names of audit trail files. If
more than one name is given, the output of each audit trail is
concatenated and a blank line inserted between audit trails. The -to
option specifies a destination filename for the trail. If this option
is not present, the trail is returned from the command. If the option
Hewlett-Packard Company - 2 OSF DCE 1.1/HP DCE 1.8 PHSS_26394-96
audtrail(1m) Open Software Foundation audtrail(1m)
is present, this operation returns an empty string.
Because audit trail files can grow quite large, using the -to switch
is strongly recommended to avoid reading the entire trail into memory.
Note that when dcecp processes output, it sends the entire set of
returned information to an internal buffer before displaying it.
Therefore, when the output is directed to the screen, it can take a
long time to appear.
Privileges Required [Toc] [Back]
You must have r (read) permission on the audit trail file on the local
file system.
Examples [Toc] [Back]
dcecp> audtrail show my_trail
--- Start of an event record --- Event Number: 259
Client: /.../stp.gburg.ibm.com/hosts/drinkernisti/self
Event Outcome: success
Authorization Status: Authorized with a pac
Local Time: 1993-12-19-19:02:27.037-05:00I-----
--- End of an event record ---
.
.
.
--- Start of an event record --- Event Number: 266
Client: /.../stp.gburg.ibm.com/hosts/drinkernisti/self
Event Outcome: success
Authorization Status: Authorized with a pac
Local Time: 1993-12-19-19:02:28.819-05:00I-----
--- End of an event record ---
dcecp>
RELATED INFORMATION [Toc] [Back]
Commands: auditd(1m), dcecp(1m), dcecp_aud(1m), dcecp_audevents(1m),
dcecp_audfilter(1m).
Files: aud_audit_events(5), dts_audit_events(5), event_class(5),
sec_audit_events(5).
Hewlett-Packard Company - 3 -OSF DCE 1.1/HP DCE 1.8 PHSS_26394-96 [ Back ] |