praudit(1M)

NAME

     praudit - print contents of an audit trail file

SYNOPSIS

     praudit [-lrsx] [-ddel] [filename...]

DESCRIPTION

     praudit reads the listed filenames (or standard input, if no
     filename  is  specified)  and  interprets  the data as audit
     trail records as defined in audit.log(4). By default, times,
     user  and  group  IDs (UIDs and GIDs, respectively) are con-
     verted to their ASCII representation. Record type and  event
     fields  are  converted to their ASCII representation. A max-
     imum of 100 audit files can  be  specified  on  the  command
     line.

OPTIONS

     The following options are supported:

     -ddel Use del as the field delimiter instead of the  default
           delimiter,  which  is  the  comma.  If del has special
           meaning for the shell, it must be quoted. The  maximum
           size of a delimiter is three characters. The delimiter
           is not meaningful and is not used when the  -x  option
           is specified.

     -l    Print one line per record.

     -r    Print records in their raw form.  Times,  UIDs,  GIDs,
           record  types,  and  events are displayed as integers.
           This option and the -s option are exclusive.  If  both
           are used, a format usage error message is output.

     -s    Print records in their short form. All numeric  fields
           are  converted to ASCII and displayed. The short ASCII
           representations for the record type and  event  fields
           are used. This option and the -r option are exclusive.
           If both are used, a format usage error message is out-
           put.

     -x    Print records in XML form. Tags are  included  in  the
           output  to  identify  tokens and fields within tokens.
           Output begins with a valid XML prolog, which  includes
           identification  of  the DTD which can be used to parse
           the XML.

FILES

     /etc/security/audit_event
           Audit event definition and class mappings.

     /etc/security/audit_class
           Audit class definitions.

     /usr/share/lib/xml/dtd
           Directory containing the verisioned  DTD  file  refer-
           enced in XML output, for example, adt_record.dtd.1.

     /usr/share/lib/xml/style
           Directory containing the versioned XSL file referenced
           in XML output, for example, adt_record.xsl.1.

ATTRIBUTES

     See attributes(5) for descriptions of the  following  attri-
     butes:

     ____________________________________________________________
    |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
    |_____________________________|_____________________________|
    | Availability                | SUNWcsu                     |
    |_____________________________|_____________________________|
    | Interface Stability         | See below                   |
    |_____________________________|_____________________________|

     The command stability is  evolving.  The  output  format  is
     unstable.

SEE ALSO

     bsmconv(1M),  audit(2),  getauditflags(3BSM),  audit.log(4),
     audit_class(4),  audit_event(4), group(4), passwd(4), attri-
     butes(5)

NOTES

     This functionality is available only if the  Basic  Security
     Module  (BSM)  has  been  enabled.  See bsmconv(1M) for more
     information.
Man(1) output converted with man2html