sat_summarize - generate statistics on a stream of audit records
/bin/sat_summarize [ -bdelotuv ] [ -z timezone ] [ infile ]
sat_summarize prints a statistical summary of the audit trail to the
standard output device. Data is displayed either when end of file is
reached on input or when sat_summarize receives the SIGUSR1 signal.
Run time options determine the format of the printout and which
statistics are presented.
-b Print statistics in brief mode (default).
-d Debug mode. Prints out additional information about the audit
log file such as record and header size.
-e Display numbers of audit records found, by event type.
-f File descriptors are mapped to the filenames to which they apply
-l Linear mode. Display the statistics in a very terse one line
per record format.
-o Input (whether standard input or file input) is copied to
standard output. This option makes it possible to use
sat_summarize as one of a chain of audit tools connected by
-t Print average rate of audit trail generation, in records per
minute, and number of audit records generated in the last
-u Display numbers of audit records found, by user.
-v By default, zero valued entries from user or event lists are not
printed. The verbose option enables printing of zero valued
Set the timezone to that of the file.
infile Data is taken from infile. If infile is not specified, data is
taken, by default, from the standard input. The format of
infile is identical to the output generated by satd(1M) and
If no arguments are given, -e is assumed. sat_summarize displays the
numbers of audit records, broken down by event type.
sat_summarize is ordinarily used in combination with other audit filters.
To obtain audit records and display a complete statistical summary,
execute this command sequence:
satd -o -f /var/adm/sat | sat_summarize -t -e -u
audit(1M), kill(1), sat_interpret(1M), sat_reduce(1M), sat_select(1M),
IRIX Admin: Backup, Security, and Accounting
PPPPaaaaggggeeee 2222 [ Back ]