praudit(1M)             System Administration Commands             praudit(1M)

NAME

       praudit - print contents of an audit trail file

SYNOPSIS

       praudit [-lrsx] [-ddel] [filename]...

DESCRIPTION

       praudit reads the listed filenames (or standard input, if no filename
       is specified) and interprets the data as audit trail records as defined
       in audit.log(4). By default, times, user and group IDs (UIDs and GIDs,
       respectively) are converted to their ASCII representation. Record type
       and event fields are converted to their ASCII representation. A maximum
       of 100 audit files can be specified on the command line.

OPTIONS

       The following options are supported:

       -ddel

           Use del as the field delimiter instead of the default delimiter,
           which is the comma. If del has special meaning for the shell, it
           must be quoted. The maximum size of a delimiter is three
           characters. The delimiter is not meaningful and is not used when
           the -x option is specified.

       -l

           Print one line per record.

       -r

           Print records in their raw form. Times, UIDs, GIDs, record types,
           and events are displayed as integers. This option is useful when
           naming services are offline. The -r option and the -s option are
           exclusive. If both are used, a format usage error message is
           output.

       -s

           Display records in their short form. Numeric fields' ASCII
           equivalents are looked up by means of the sources specified in the
           /etc/nsswitch.conf file (see nsswitch.conf(4)). All numeric fields
           are converted to ASCII and then displayed. The short ASCII
           representations for the record type and event fields are used.
           This option and the -r option are exclusive. If both are used, a
           format usage error message is output.

       -x

           Print records in XML form. Tags are included in the output to
           identify tokens and fields within tokens. Output begins with a
           valid XML prolog, which includes identification of the DTD which
           can be used to parse the XML.

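The following is an added example, not part of the original man page, showing why the -d delimiter matters when -l output is split by a script. The record is constructed with a simplified token layout, the helper names are hypothetical, and the sketch assumes field values are printed without escaping the delimiter.

```python
# Added example, not from the praudit man page. Records are constructed and
# use a simplified token layout; real layouts are defined in audit.log(4).
# Assumption: field values are printed without escaping the delimiter.

MAX_DELIM_LEN = 3  # the man page limits a -d delimiter to three characters

# Constructed field values for one record; the path value contains a comma.
FIELDS = ["header", "example_event", "path", "/export/data/q1,q2.csv",
          "return", "success", "0"]


def check_delim(delim):
    """Reject delimiters that praudit -d would not accept."""
    if not 1 <= len(delim) <= MAX_DELIM_LEN:
        raise ValueError("delimiter must be 1 to 3 characters")


def render(fields, delim=","):
    """Lay out one record on a single line, as -l with -d<delim> (assumed)."""
    check_delim(delim)
    return delim.join(fields)


def parse(line, delim=","):
    """Split a one-line record back into fields."""
    check_delim(delim)
    return line.rstrip("\n").split(delim)


def token_fields(fields, name, count):
    """Return the `count` fields following the first field equal to `name`."""
    start = fields.index(name) + 1
    return fields[start:start + count]


def round_trips(fields, delim):
    """True when parsing the rendered record gives back the same fields."""
    return parse(render(fields, delim), delim) == fields


if __name__ == "__main__":
    for delim in (",", "|", "^|^"):
        parsed = parse(render(FIELDS, delim), delim)
        print(repr(delim), round_trips(FIELDS, delim),
              token_fields(parsed, "path", 1))
```

With the default comma the path is cut at its embedded comma and every later field shifts by one; a delimiter that cannot occur in the data keeps the fields aligned. The -x form does not use the delimiter at all.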

FILES

       /etc/security/audit_event

           Audit event definition and class mappings.

       /etc/security/audit_class

           Audit class definitions.

       /usr/share/lib/xml/dtd

           Directory containing the versioned DTD file referenced in XML
           output, for example, adt_record.dtd.1.

       /usr/share/lib/xml/style

           Directory containing the versioned XSL file referenced in XML
           output, for example, adt_record.xsl.1.

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       ┌─────────────────────────────┬─────────────────────────────┐
       │      ATTRIBUTE TYPE         │      ATTRIBUTE VALUE        │
       ├─────────────────────────────┼─────────────────────────────┤
       │Availability                 │SUNWcsu                      │
       ├─────────────────────────────┼─────────────────────────────┤
       │Interface Stability          │See below                    │
       └─────────────────────────────┴─────────────────────────────┘

       The command stability is evolving. The output format is unstable.

SEE ALSO

       bsmconv(1M), getent(1M), audit(2), getauditflags(3BSM), getpwuid(3C),
       gethostbyaddr(3NSL), ethers(3SOCKET), getipnodebyaddr(3SOCKET),
       audit.log(4), audit_class(4), audit_event(4), group(4),
       nsswitch.conf(4), passwd(4), attributes(5)

       See the section on Solaris Auditing in System Administration Guide:
       Security Services.

NOTES

       This functionality is available only if the Solaris Auditing feature
       has been enabled. See bsmconv(1M) for more information.

SunOS 5.11                        26 Jul 2009                      praudit(1M)