1auditstat(1M) System Administration Commands auditstat(1M)
2
6 auditstat - display kernel audit statistics
7
9 auditstat [-c count] [-h numlines] [-i interval] [-n]
10 [-T u | d ] [-v]
11
14 auditstat displays kernel audit statistics. The fields displayed are as
15 follows:
16 aud The total number of audit records processed by the audit(2)
18 system call.
19 ctl This field is obsolete.
22 drop The total number of audit records that have been dropped.
25 Records are dropped according to the kernel audit policy. See
26 auditon(2), AUDIT_CNT policy for details.
27 enq The total number of audit records put on the kernel audit
30 queue.
31 gen The total number of audit records that have been constructed
34 (not the number written).
35 kern The total number of audit records produced by user processes
38 (as a result of system calls).
39 mem The total number of Kbytes of memory currently in use by the
42 kernel audit module.
43 nona The total number of non-attributable audit records that have
46 been constructed. These are audit records that are not attrib‐
47 utable to any particular user.
48 rblk The total number of times that the audit queue has blocked
51 waiting to process audit data.
52 tot The total number of Kbytes of audit data written to the audit
55 trail.
56 wblk The total number of times that user processes blocked on the
59 audit queue at the high water mark.
60 wrtn The total number of audit records written. The difference
63 between enq and wrtn is the number of outstanding audit records
64 on the audit queue that have not been written.
65
68 -c count Display the statistics a total of count times. If count
69 is equal to zero, statistics are displayed indefinitely.
70 A time interval must be specified.
71 -h numlines Display a header for every numlines of statistics
74 printed. The default is to display the header every 20
75 lines. If numlines is equal to zero, the header is never
76 displayed.
77 -i interval Display the statistics every interval where interval is
80 the number of seconds to sleep between each collection.
81 -n Display the number of kernel audit events currently con‐
84 figured.
85 -T u | d Display a time stamp.
88 Specify u for a printed representation of the internal
90 representation of time. See time(2). Specify d for stan‐
91 dard date format. See date(1).
92 -v Display the version number of the kernel audit module
95 software.
96
99 auditstat returns 0 upon success and 1 upon failure.
100
102 See attributes(5) for descriptions of the following attributes:
103 ┌─────────────────────────────┬─────────────────────────────┐
108 │ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
109 ├─────────────────────────────┼─────────────────────────────┤
110 │Availability │SUNWcsu │
111 └─────────────────────────────┴─────────────────────────────┘
112
114 auditconfig(1M), praudit(1M), bsmconv(1M), audit(2), auditon(2),
115 attributes(5)
116
118 The functionality described in this man page is available only if
119 Solaris Auditing has been enabled. See bsmconv(1M) for more informa‐
120 tion.
121SunOS 5.11 16 Jun 2009 auditstat(1M)