praudit(8) man page - 윈디하나의 솔라나라

praudit(8)

System Administration Commands                                      praudit(8)



NAME
       praudit - print contents of an audit trail file

SYNOPSIS
       praudit [-lrsx] [-ddel] [filename]...

DESCRIPTION
       praudit  reads  the listed filenames (or standard input, if no filename
       is specified) and interprets the data as audit trail records as defined
       in  the  audit.log(5)  man  page. By default, times, user and group IDs
       (UIDs and GIDs respectively) are converted to their  ASCII  representa‐
       tion.  Record type and event fields are converted to their ASCII repre‐
       sentation. Only users with the PRIV_FILE_DAC_READ privilege can use the
       praudit  utility.  If  the  Trusted Extensions have been enabled, users
       must have the PRIV_SYS_TRANS_LABEL privilege. Both these privileges are
       included in the Audit Review rights profile.

OPTIONS
       The following options are supported:

       -ddel

           Use  del  as  the field delimiter instead of the default delimiter,
           which is the comma. If del has special meaning for  the  shell,  it
           must  be  quoted.  The maximum size of a delimiter is three charac‐
           ters. The delimiter is not meaningful and is not used when  the  -x
           option is specified.


       -l

           Print one line per record.


       -r

           Print  records  in their raw form. Times, UIDs, GIDs, record types,
           and events are displayed as integers. This option  is  useful  when
           naming  services  are  offline. The -r option and the -s option are
           exclusive. If both are used, a format usage error message  is  out‐
           put.


       -s

           Display  records in their short form. Numeric fields' ASCII equiva‐
           lents are looked up by  means  of  the  sources  specified  in  the
           /etc/nsswitch.conf  file (see nsswitch.conf(5)). All numeric fields
           are converted to ASCII and then displayed. The short  ASCII  repre‐
           sentations  for  the  record  type  and event fields are used. This
           option and the -r option are exclusive. If both are used, a  format
           usage error message is output.


       -x

           Print records in XML form. Tags are included in the output to iden‐
           tify tokens and fields within tokens. Output begins  with  a  valid
           XML  prolog,  which includes identification of the DTD which can be
           used to parse the XML.


FILES
       /etc/security/audit_event

           Audit event definition and class mappings.


       /etc/security/audit_class
       /etc/security/audit_class.system

           Audit class definitions.



       /usr/share/lib/xml/dtd

           Directory containing the versioned DTD file referenced in XML  out‐
           put, for example, adt_record.dtd.1.


       /usr/share/lib/xml/style

           Directory  containing the versioned XSL file referenced in XML out‐
           put, for example, adt_record.xsl.1.


USAGE
       To print a subset of audit records, use the auditreduce(8)  utility  to
       filter  the  contents  of  the audit log to select records for printing
       before passing them to praudit.

EXAMPLES
       Example 1 Generating an HTML Report of All Login/Logout Events


         # auditreduce -c lo /var/audit/* | praudit -x | xsltproc - > logins.html
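
       The following is an added example, not part of the original man page.
       It tallies failed events per audit user from praudit -l output, with
       -d'|' replacing the default comma delimiter. The token layout (a
       subject token followed by the audit user, a return token followed by
       the status), the function names failed_by_user and sample_records,
       and the sample records are constructed assumptions.

```shell
#!/bin/sh
# Added example: count failed audit events per user from one-line records.
# Live use (flags as documented on this page):
#   auditreduce -c lo /var/audit/* | praudit -l -d'|' | failed_by_user

# Assumed layout of each record line (not shown on this page):
#   header|...|subject|<audit user>|...|return|<status>|<value>
failed_by_user() {
    awk -F'|' '
    $1 != "header" { next }          # skip file tokens and blank lines
    {
        user = "unknown"; status = ""
        for (i = 1; i < NF; i++) {
            if ($i == "subject")     user = $(i + 1)
            else if ($i == "return") status = $(i + 1)
        }
        # Status text is assumed to start with "failure" on a failed event.
        if (status ~ /^failure/) count[user]++
    }
    END { for (u in count) printf "%s %d\n", u, count[u] }
    ' | sort
}

# Constructed sample input standing in for praudit -l -d"|" output.
sample_records() {
cat <<'EOF'
file|2021-06-28 10:00:00.000 +00:00|
header|69|2|login - local||host1|2021-06-28 10:00:01.000 +00:00|subject|alice|alice|staff|alice|staff|1173|2164740478|0 0 host1|return|success|0
header|69|2|login - ssh||host1|2021-06-28 10:00:05.000 +00:00|subject|bob|bob|staff|bob|staff|1180|2164740479|0 0 host2|return|failure: Permission denied|-1
header|69|2|login - ssh||host1|2021-06-28 10:00:09.000 +00:00|subject|bob|bob|staff|bob|staff|1184|2164740480|0 0 host2|return|failure: Permission denied|-1
header|69|2|login - local||host1|2021-06-28 10:01:00.000 +00:00|subject|mallory|mallory|staff|mallory|staff|1190|2164740481|0 0 host1|return|failure: Permission denied|-1
EOF
}

# Run on the constructed sample; prints "bob 2" then "mallory 1".
sample_records | failed_by_user
```

       A delimiter that does not occur in field values keeps records with
       commas in paths or text tokens from being split in the wrong place.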


ATTRIBUTES
       See attributes(7) for descriptions of the following attributes:


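       +-----------------------------+-----------------------------+
       |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
       +-----------------------------+-----------------------------+
       |Availability                 |system/core-os               |
       +-----------------------------+-----------------------------+
       |Interface Stability          |See below.                   |
       +-----------------------------+-----------------------------+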



       The command stability is Committed. The output format is Uncommitted.

SEE ALSO
       xsltproc(1),      getpwuid(3C),      audit.log(5),      audit_class(5),
       audit_event(5),  group(5),  nsswitch.conf(5), passwd(5), attributes(7),
       privileges(7), auditrecord(8), auditreduce(8), getent(8)


       Managing Auditing in Oracle Solaris 11.4.



Oracle Solaris 11.4               28 Jun 2021                       praudit(8)
Copyright of the man page content belongs to the man page author.