auditfltr(1M) — UnixWare 2.01

       auditfltr(1M)                                          auditfltr(1M)


       NAME
             auditfltr - convert audit log file for inter-machine
             portability

       SYNOPSIS
             auditfltr [[-iN] [-oX]] | [-iX -oN]

       DESCRIPTION
             The auditfltr command is used to convert audit log files from
             native machine format into XDR (External Data Representation)
             format and vice versa.  These conversions allow you to
             transport audit log files from one machine to another for
             processing with auditrpt.  You do not need to use auditfltr in
             all such instances.  If the two machines are the same
             architecture and are running the same version of auditing, you
             may simply copy the log files from the source machine to the
             destination machine.  If the two machines are of different
             architecture, or if they are not running the same version of
             auditing, you must use auditfltr as part of the copying
             procedure.

             The following options are available:

             -itype    Specifies the type of the input file.  Input is
                       always read from standard input.  Only one log file
                       at a time can be processed.

             -otype    Specifies the type of the output file.  Output is
                       always written to standard output and should be
                       redirected, for example to a file or pipe, because
                       of its data format.

             The values for type may be N, for native machine format, or X,
             for XDR format.  If an invalid conversion type or combination
             of conversion types is requested, an error message is
             displayed (see DIAGNOSTICS).  If no options are specified, the
             input file is assumed to be in native machine format and the
             output file in XDR format.  If the format of the input file
             does not match the type specified by the -i option or the
             assumed format, an error message is displayed (see
             DIAGNOSTICS).

             The procedure for transferring an audit log file from one
             machine to another has basically three steps.  First, the
             audit log is converted from native machine format to the
             portable XDR format, using a command like the following:



            cat /var/audit/1125103 | auditfltr -iN -oX > /var/tmp/1125103.xfer

            Second, the file is transferred to another machine.  This can
            be done by writing the file to magnetic media on one machine
            with cpio or tcpio and then restoring it on the other.  Third,
            the file is converted back to native machine format.  If we
            assume that, to avoid confusion with the destination machine's
            own audit log files, we have created a subdirectory import
            under /var/audit, we might convert the file with a command like
            the following:

            cat /var/tmp/1125103.xfer | auditfltr -iX -oN > /var/audit/import/1125103

            Audit log files are identified by their version number.
            Conversion of log files of a particular version generally
            requires the presence of a specific auditfltr executable for
            that version.  The version number is automatically identified
            by auditfltr, and the proper version-specific auditfltr is
            automatically called.  If the required version-specific
            auditfltr is not present or is not executable, an error
            message is displayed (see DIAGNOSTICS).  See auditrpt(1M) for
            more about version numbers.

      NOTICES
            The auditfltr command accepts only audit log files as input.
            Note that each log file must be processed separately. Audit
            files cannot be concatenated together and the resulting data
            stream presented to auditfltr; this may yield incorrect
            results or errors.

      DIAGNOSTICS
            Upon successful completion, the auditfltr command exits with a
            value of zero (0).  If there are errors, it exits with one of
            the following values and prints the corresponding error
            message:

            1   usage: auditfltr [[-iN] [-oX]] | [-iX -oN]

                Invalid command syntax.

            1   conversion type type is not supported
                usage: auditfltr [[-iN] [-oX]] | [-iX -oN]

                The valid conversion types are X, for External Data
                Representation or N, for native machine format.



             1   invalid combination of conversion types
                 usage: auditfltr [[-iN] [-oX]] | [-iX -oN]

             5   error manipulating file

                 File manipulation error occurred during a write or read
                 operation.

             5   could not obtain version number

                 Reading the version number from the input file failed.

             5   unknown audit version number

                 The version number of the input log file is invalid.
                 Valid version numbers are: 1.0, 2.0, 3.0, 4.0.

             13  bad log record type

                 Invalid record type encountered in the audit log file.

             24  unable to allocate space

             32  input file is in invalid format

                 The format of the audit log used as input does not match
                 the format specified by the -i option of the command.

             33  Version specific auditfltr not found: version

             33  Version specific auditfltr not executable: version

             39  XDR encryption of an audit record field failed

             39  XDR decryption of an audit record field failed
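
             The transfer procedure from DESCRIPTION, the one-file-per-
             invocation rule from NOTICES and the exit values above,
             combined into a wrapper.  This is an added example, not part
             of the original manual page; the function names, the AUDITFLTR
             override variable and the directory arguments are assumptions.

```shell
#!/bin/sh
# Added example, not from the UnixWare manual page.
# AUDITFLTR (assumed name) lets a different binary or a stand-in be substituted.
AUDITFLTR=${AUDITFLTR:-auditfltr}

# Map the exit values listed under DIAGNOSTICS to a short reason.
fltr_reason() {
    case "$1" in
        0)  echo "ok" ;;
        1)  echo "invalid syntax or conversion type" ;;
        5)  echo "file error or bad version number" ;;
        13) echo "bad log record type" ;;
        24) echo "unable to allocate space" ;;
        32) echo "input does not match the -i format" ;;
        33) echo "version-specific auditfltr missing or not executable" ;;
        39) echo "XDR encryption/decryption of a record field failed" ;;
        *)  echo "undocumented exit value" ;;
    esac
}

# convert_one IN_TYPE OUT_TYPE SRC DST
# Converts exactly one log file; a partial DST is removed on any error.
convert_one() {
    rc=0
    "$AUDITFLTR" "-i$1" "-o$2" < "$3" > "$4" || rc=$?
    if [ "$rc" -ne 0 ]; then
        rm -f "$4"
        echo "auditfltr: $3: exit $rc ($(fltr_reason "$rc"))" >&2
    fi
    return "$rc"
}

# convert_dir IN_TYPE OUT_TYPE SRC_DIR DST_DIR
# One auditfltr run per file, never a concatenated stream.
# Returns the number of files that failed to convert.
convert_dir() {
    failed=0
    for src in "$3"/*; do
        [ -f "$src" ] || continue
        name=$(basename "$src" .xfer)
        case "$2" in X) name="$name.xfer" ;; esac
        convert_one "$1" "$2" "$src" "$4/$name" || failed=$((failed + 1))
    done
    return "$failed"
}
```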

       FILES
             /var/audit/MMDD###

       REFERENCES
             auditmap(1M), auditrpt(1M)







                           Copyright 1994 Novell, Inc.