|
|
The
-e
option of the
auditrpt
command is used to display
audit information for specific events.
The argument to the
-e
option may consist of one or more events or event classes.
Each event or event class must be separated by a comma.
A space will be interpreted as the end of the event list.
For example, to display all audit records for the date
event enter the following command:
auditrpt -e date
The operator ! may be used to signify all the
events except those listed.
For example, to exclude information about the
access,
open_rd,
and
status
events and to display information about all other events,
enter the following command:
auditrpt -e !access,open_rd,status
If an invalid event is given as input to the
-e
option,
auditrpt
will display the following message and terminates processing:
event type or class event does not exist
Events are validated against the information contained in the audit map files. Refer to the auditmap(1M) manual page for further information on the audit map files.