Museum

Home

Lab Overview

Retrotechnology Articles

Online Manuals

⇒ audisp(1M) — HP-UX 8.05

Media Vault

Software Library

Restoration Projects

Artifacts Sought

Related Articles

audevent(1M)

audit(4)

audit(5)

cdf(4)

audisp(1M)

NAME

audisp − display the audit information as requested by the parameters

SYNOPSIS

audisp [−u username] [−e eventname] [−c syscall] [−p] [−f] [−l ttyid] [−t start_time] [−s stop_time] audit_filename(s) ...

DESCRIPTION

audisp analyzes and displays the audit information contained in the specified one or more audit files, audit_filename(s). The audit files are merged into a single audit trail in time order. Although the entire audit trail is analyzed, audisp allows you to limit the information displayed, by specifying options.  This command is restricted to privileged users. 

Each audit file specified can be a regular file or context-dependent file (CDF) consisting of several audit files from various cnodes (see cdf(4)). audisp recognizes a CDF and automatically merges all the files in the CDF into the audit trail. 

Any unspecified option is interpreted as an unrestricted specification.  For example, a missing −u username option causes all users’ audit information in the audit trail to be displayed as long as it satisfies all other specified options.  By the same principle, citing −t start_time without −s stop_time displays all audit information beginning from start_time to the end of the file. 

audisp without any options displays all recorded information from the start of the audit file to the end. 

Specifying an option without its required parameter results in error.  For example, specifying −e without any eventname returns with an error message. 

Options

−u username Specify the login name (username) about whom to display information. If no (username) is specified, audisp displays audit information about all users in the audit file. 

−e eventname Display audit information of the specified event types.  The defined event types are create, delete, moddac, modaccess, open, close, process, removable, login, admin, ipccreat, ipcopen, ipcclose, uevent1, uevent2, and uevent3 (see audevent(1M)).

−c syscall Display audit information about the specified system calls. 

−p Display only successful operations that were recorded in the audit trail.  No user event that results in a failure is displayed, even if username and eventname are specified. 

The −p and the −f options are mutually exclusive; do not specify both on the same command line.  To display both successful and failed operations, omit both −p and −f options. 

−f Display only failed operations that are recorded in the audit trail. 

−l ttyid Display all operations that occurred on the specified terminal (ttyid) and were recorded in the audit trail. By default, operations on all terminals are displayed.

−t start_time Display all audited operations occurring since start_time, specified as mmddhhmm[yy] (month, day, hour, minute, year). If no year is given, the current year is used. No operation in the audit trail occurring before the specified time is displayed.

−s stop_time Display all audited operations occurring before stop_time, specified as mmddhhmm[yy] (month, day, hour, minute, year). If no year is given, the current year is used. No operation in the audit trail occurring after the specified time is displayed.

AUTHOR

audisp was developed by HP. 

SEE ALSO

audevent(1M), audit(4), audit(5), cdf(4). 

Hewlett-Packard Company  —  HP-UX Release 8.05: June 1991

Typewritten Software • bear@typewritten.org • Edmonds, WA 98026