1praudit(1M) System Administration Commands praudit(1M)
2
3
4
6 praudit - print contents of an audit trail file
7
9 praudit [-lrsx] [-ddel] [filename]...
10
11
13 praudit reads the listed filenames (or standard input, if no filename
14 is specified) and interprets the data as audit trail records as defined
15 in audit.log(4). By default, times, user and group IDs (UIDs and GIDs,
16 respectively) are converted to their ASCII representation. Record type
17 and event fields are converted to their ASCII representation. A maximum
18 of 100 audit files can be specified on the command line.
19
21 The following options are supported:
22
23 -ddel
24
25 Use del as the field delimiter instead of the default delimiter,
26 which is the comma. If del has special meaning for the shell, it
27 must be quoted. The maximum size of a delimiter is three charac‐
28 ters. The delimiter is not meaningful and is not used when the -x
29 option is specified.
30
31
32 -l
33
34 Print one line per record.
35
36
37 -r
38
39 Print records in their raw form. Times, UIDs, GIDs, record types,
40 and events are displayed as integers. This option is useful when
41 naming services are offline. The -r option and the -s option are
42 exclusive. If both are used, a format usage error message is out‐
43 put.
44
45
46 -s
47
48 Display records in their short form. Numeric fields' ASCII equiva‐
49 lents are looked up by means of the sources specified in the
50 /etc/nsswitch.conf file (see nsswitch.conf(4)). All numeric fields
51 are converted to ASCII and then displayed. The short ASCII repre‐
52 sentations for the record type and event fields are used. This
53 option and the -r option are exclusive. If both are used, a format
54 usage error message is output.
55
56
57 -x
58
59 Print records in XML form. Tags are included in the output to iden‐
60 tify tokens and fields within tokens. Output begins with a valid
61 XML prolog, which includes identification of the DTD which can be
62 used to parse the XML.
63
64
66 /etc/security/audit_event
67
68 Audit event definition and class mappings.
69
70
71 /etc/security/audit_class
72
73 Audit class definitions.
74
75
76 /usr/share/lib/xml/dtd
77
78 Directory containing the verisioned DTD file referenced in XML out‐
79 put, for example, adt_record.dtd.1.
80
81
82 /usr/share/lib/xml/style
83
84 Directory containing the versioned XSL file referenced in XML out‐
85 put, for example, adt_record.xsl.1.
86
87
89 See attributes(5) for descriptions of the following attributes:
90
91
92
93
94 ┌─────────────────────────────┬─────────────────────────────┐
95 │ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
96 ├─────────────────────────────┼─────────────────────────────┤
97 │Availability │SUNWcsu │
98 ├─────────────────────────────┼─────────────────────────────┤
99 │Interface Stability │See below │
100 └─────────────────────────────┴─────────────────────────────┘
101
102
103 The command stability is evolving. The output format is unstable.
104
106 bsmconv(1M), getent(1M), audit(2), getauditflags(3BSM), getpwuid(3C),
107 gethostbyaddr(3NSL), ethers(3SOCKET), getipnodebyaddr(3SOCKET),
108 audit.log(4), audit_class(4), audit_event(4), group(4), nss‐
109 witch.conf(4), passwd(4), attributes(5)
110
111
112 See the section on Solaris Auditing in System Administration Guide:
113 Security Services.
114
116 This functionality is available only if the Solaris Auditing feature
117 has been enabled. See bsmconv(1M) for more information.
118
119
120
121SunOS 5.11 26 Jul 2009 praudit(1M)