audit_report Aegis audit_report
NAME
audit_report - dump audit log files
SYNOPSIS
audit_report [ -all ] log_file_name ...
DESCRIPTION
The audit_report command displays an audit log file in text form. You
can redirect the output as ASCII text to another file. To cut down on
the amount of data, you can also filter the output by using the standard
grep and awk utilities.
You can use audit_report only with log files collected via the audit
command's -collect option. audit_report does not work with active log
files.
The filenames for collected log files take the form
audit_log.date-time.node_id, where date-time is the date and time at
which the log file was started (in yymmddhhmmss format) and node_id is
the hexadecimal node ID of the node from which you collected the file.
ARGUMENTS
log_file_name ...
Specifies the pathname of the log file(s) to be printed.
More than one pathname may be specified.
OPTIONS
The audit_report command provides the following option:
[-all]
Specifies that the audit report tool is to display all the
audit records in the log file. If not specified, the audit report
tool filters out dir_resolve event records, as these are recorded
only for the purpose of helping to display path names in
audit records in place of unique identifiers (UIDs).
EXAMPLES
The following examples illustrate how the audit_report command works:
⊕ To display the contents of an audit log file that was started on March
27, 1989 (890327), at 6:29 and 54 seconds p.m. (182954), on node
12130:
$ audit_report audit_log.890327182954.12130
⊕ To redirect the output to a file called log_file1:
$ audit_report audit_log.890327182954.12130 > log_file1
⊕ To create an output file that contains only event records associated
with event types in the access category:
$ audit_report audit_log.890327182954.12130 | grep 'access' > log_file2
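The following is an added example, not part of the original manual page or of the Aegis software. It checks names against the audit_log.date-time.node_id form given under DESCRIPTION and selects collected log files by start time before they are passed to audit_report. The function names are hypothetical, a POSIX shell with awk is assumed, and the window comparison assumes all stamps fall in the same century.

```shell
#!/bin/sh
# Added example: validate collected audit log names of the form
# audit_log.yymmddhhmmss.node_id and select them by start time.

# audit_log_fields NAME
# Prints "yy-mm-dd hh:mm:ss node_id" and returns 0 when NAME is well formed;
# prints nothing and returns 1 otherwise. Field ranges are checked, but
# days are not checked against the length of the month.
audit_log_fields() {
    printf '%s\n' "${1##*/}" | awk -F. '
        NF != 3 || $1 != "audit_log"         { exit 1 }
        $2 !~ /^[0-9]+$/ || length($2) != 12 { exit 1 }
        $3 !~ /^[0-9A-Fa-f]+$/               { exit 1 }
        {
            mo = substr($2, 3, 2) + 0; d  = substr($2, 5, 2) + 0
            h  = substr($2, 7, 2) + 0; mi = substr($2, 9, 2) + 0
            s  = substr($2, 11, 2) + 0
            if (mo < 1 || mo > 12 || d < 1 || d > 31) exit 1
            if (h > 23 || mi > 59 || s > 59) exit 1
            printf "%s-%02d-%02d %02d:%02d:%02d %s\n",
                   substr($2, 1, 2), mo, d, h, mi, s, $3
        }'
}

# audit_logs_in_window FROM TO NAME...
# Prints each well-formed NAME whose start stamp lies in [FROM, TO],
# where FROM and TO are given as yymmddhhmmss. Malformed names are skipped.
audit_logs_in_window() {
    from=$1 to=$2
    shift 2
    for f in "$@"; do
        audit_log_fields "$f" >/dev/null || continue
        stamp=${f##*/}; stamp=${stamp#audit_log.}; stamp=${stamp%%.*}
        # Compare as decimal numbers; awk does not treat leading zeros as octal.
        if awk -v s="$stamp" -v a="$from" -v b="$to" \
               'BEGIN { exit !(s + 0 >= a + 0 && s + 0 <= b + 0) }'; then
            printf '%s\n' "$f"
        fi
    done
    return 0
}

# Usage, with the log file name from the examples above:
#   audit_logs_in_window 890327000000 890327235959 audit_log.890327182954.12130
```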
SEE ALSO
audit