auditstat(1M)

NAME

     auditstat - display kernel audit statistics

SYNOPSIS

     auditstat [-c count] [-h numlines] [-i interval] [-n] [-v]

DESCRIPTION

     auditstat  displays  kernel  audit  statistics.  The  fields
     displayed are as follows:

     aud   The total number of audit  records  processed  by  the
           audit(2) system call.

     ctl   This field is obsolete.

     drop  The total number  of  audit  records  that  have  been
           dropped.  Records  are dropped according to the kernel
           audit policy. See  auditon(2),  AUDIT_CNT  policy  for
           details.

     enq   The total number of audit records put  on  the  kernel
           audit queue.

     gen   The total number of audit records that have been  con-
           structed (not the number written).

     kern  The total number of audit  records  produced  by  user
           processes (as a result of system calls).

     mem   The total number of Kbytes of memory currently in  use
           by the kernel audit module.

     nona  The total number  of  non-attributable  audit  records
           that  have  been  constructed. These are audit records
           that are not attributable to any particular user.

     rblk  The total number of times that auditsvc(2) has blocked
           waiting to process audit data.

     tot   The total number of Kbytes of audit  data  written  to
           the audit trail.

     wblk  The total number of times that user processes  blocked
           on the audit queue at the high water mark.

     wrtn  The total number of audit records written. The differ-
           ence between enq and wrtn is the number of outstanding
           audit records on the audit queue that  have  not  been
           written.

OPTIONS

     -c count
           Display the statistics a  total  of  count  times.  If
           count is equal to zero, statistics are displayed inde-
           finitely.  A time interval must be specified.

     -h numlines
           Display a header for  every   numlines  of  statistics
           printed. The default is to display the header every 20
           lines. If numlines is equal to  zero,  the  header  is
           never displayed.

     -i interval
           Display the statistics every interval  where  interval
           is the number of seconds to sleep between each collec-
           tion.

     -n    Display the number of kernel  audit  events  currently
           configured.

     -v    Display the version number of the kernel audit  module
           software.

EXIT STATUS

     auditstat returns 0 upon success and 1 upon failure.

ATTRIBUTES

     See attributes(5) for descriptions of the  following  attri-
     butes:

     ____________________________________________________________
    |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
    |_____________________________|_____________________________|
    | Availability                | SUNWcsu                     |
    |_____________________________|_____________________________|

SEE ALSO

     auditconfig(1M), praudit(1M), bsmconv(1M),  audit(2),  audi-
     ton(2), auditsvc(2), attributes(5)

NOTES

     The functionality described in this man  page  is  available
     only  if  the  Basic Security Module (BSM) has been enabled.
     See  bsmconv(1M) for more information.
Man(1) output converted with man2html