DOC HOME SITE MAP MAN PAGES GNU INFO SEARCH PRINT BOOK
 
Displaying audit trail information

Displaying information by event

The -e option of the auditrpt command is used to display audit information for specific events. The argument to the -e option may consist of one or more events or event classes. Each event or event class must be separated by a comma. A space will be interpreted as the end of the event list. For example, to display all audit records for the date event enter the following command:

auditrpt -e date

The operator ! may be used to signify all the events except those listed. For example, to exclude information about the access, open_rd, and status events and to display information about all other events, enter the following command:

auditrpt -e !access,open_rd,status

If an invalid event is given as input to the -e option, auditrpt will display the following message and terminates processing:

event type or class event does not exist

Events are validated against the information contained in the audit map files. Refer to the auditmap(1M) manual page for further information on the audit map files.


© 2004 The SCO Group, Inc. All rights reserved.
UnixWare 7 Release 7.1.4 - 22 April 2004