svcadm(1M)을 검색하려면 섹션에서 1M 을 선택하고, 맨 페이지 이름에 svcadm을 입력하고 검색을 누른다.
admhist(8)
System Administration Commands admhist(8)
NAME
admhist - display a summary of system administration related events
successfully executed on the system
SYNOPSIS
admhist [-a date-time] [-b date-time] [-d date-time] [-z zonename]
[-u username] [-v] [-R pathname] [audit-trail-file]...
admhist [-a date-time] [-b date-time] [-d date-time] [-z zonename]
[-u username] [-v] -R pathname
DESCRIPTION
The admhist command displays a summary of the successful system admin‐
istration related events in ASCII format. By default, the events are
selected from the audit trail files under /var/audit. However, an
alternate audit directory can be specified by using the -R option, or
specific audit trail files can be specified on the command line. Only
users with the PRIV_FILE_DAC_READ privilege can use the admhist util‐
ity. If Trusted Extensions have been enabled, users must also have the
PRIV_SYS_TRANS_LABEL privilege. Both of these privileges are included
in the Audit Review rights profile.
OPTIONS
The following options are supported:
-a date-time
Selects administrative events that occurred on or after the date-
time. The date-time argument is described under the 'Time Formats'
section below. The -a and -b options can be used together to form a
range.
-b date-time
Selects administrative events that occurred before the date-time.
The date-time argument is described under the 'Time Formats' sec‐
tion below.
-d date-time
Selects administrative events that occurred on a specific day. The
date-time argument is described under the 'Time Formats' section
below.
-t [tags-file:]tag[,tag...]
Selects administrative events which match the definition for one or
more of the specified tags. See the audit_tags(5) man page for more
details on including information about default tag names.
-z zonename
Selects administrative events from the specified zone name. This
option only applies to administrative events generated when the
zonename audit policy has been enabled. For more information, refer
to the auditconfig(8) man page.
-u username/uid
Select events for the specified (audit) userid/username. Can be
specified multiple times to select events from multiple users.
-v
Verbose. Includes the hostname and current working directory asso‐
ciated with each administrative event.
-R
Specifies the pathname of an alternate directory containing audit
trail files.
Time Formats
The date-time argument to -a, -b, and -d options can be any one of the
following forms:
o An absolute date-time which has the following form:
yyyymmdd [ hh [ mm [ ss ]]]
where yyyy specifies a year (with 1970 as the earliest
value), mm is the month (value between 01 through 12), dd is
the day (value between 01 through 31), hh is the hour (value
between 00 through 23), mm is the minute (value between 00
through 59), and ss is the second (value between 00 through
59). The default value is 00 for hh, mm, and ss.
o Plain language descriptions of dates which have the follow‐
ing form:
today, yesterday
last week, last month, last year
last N hours, last N days, last N weeks, last N months,
last N years
where N is the number of units.
When entering commands at a shell prompt or in a shell
script, dates specified as multiple words will generally
need to be quoted in order for them to be treated as a sin‐
gle argument, as shown in the Examples below.
FILES
/var/audit/* The default location of audit trail files, when stored
locally by using audit_binfile(7).
EXAMPLES
Example 1 Displaying System Administration Events in a Zone
The following command displays the system administration events that
occurred in zone myzone.
# admhist -z myzone
Example 2 Displaying System Administration Events on the System
The following command displays the system administration events that
occurred on the system in the last eight hours.
# admhist -a "last 8 hours"
Example 3 Displaying System Administration Events from Past Week
The following command displays the system administration events that
occurred in the past week excluding yesterday.
# admhist -a "last week" -b yesterday
Example 4 Displaying Events in a Specific Audit Trail File
The following command displays the system administration events present
in a specific audit trail file.
# admhist /var/audit/20150507091957.20150521095216.hostname
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
tab() box; cw(2.75i) |cw(2.75i) lw(2.75i) |lw(2.75i) ATTRIBUTE TYPEAT‐
TRIBUTE VALUE _ Availabilitysystem/core-os _ Interface StabilitySee
below
The interface stability of the admhist command is Committed. The inter‐
face stability of the output of admhist is Not-an-Interface.
SEE ALSO
audit.log(5), audit_tags(5), attributes(7), privileges(7), auditcon‐
fig(8), auditreduce(8)
Managing Auditing in Oracle Solaris 11.4
HISTORY
The admhist command was added in Oracle Solaris 11.4.0.
Oracle Solaris 11.4 21 Jun 2021 admhist(8)