The procedure for transferring an audit event log file has three steps.
First, the audit log is converted from native machine format to the portable
XDR format, using a command like the following:
cat /var/audit/0125054 | auditfltr -iN -oX > /var/audit/0125054.xfer
Second, the file is transferred to another machine. This can be done by writing the file to magnetic media on one machine with cpio(1) and then restoring it with the same command on the other machine.
Third, the file is converted back to machine format with a command like
the following:
cat /var/audit/0125054.xfer | auditfltr -iX -oN > /var/audit/0125054
The auditfltr command accepts only audit log files as input. Except for the lid.internal file, all audit map files are in ASCII format and do not require conversion. The lid.internal binary file is not portable.
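The three steps above can be wrapped so that a damaged transfer is caught before the log is converted back. The following is an added example, not part of the original documentation; the function names, the `.cksum` side file, and the use of POSIX `cksum` are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: wrappers around the auditfltr commands shown above.
# Assumed (not from the original page): function names, the ".cksum"
# side file, and POSIX cksum as the checksum tool.
# cksum detects media or transfer corruption only; it is not tamper-evident.

# Step 1 (source machine): native -> XDR, then record a checksum of the XDR file.
export_audit_log() {
    log=$1
    case $(basename "$log") in
        # The page states lid.internal is binary and not portable.
        lid.internal) echo "lid.internal is not portable" >&2; return 2 ;;
    esac
    [ -r "$log" ] || { echo "cannot read $log" >&2; return 1; }
    auditfltr -iN -oX < "$log" > "$log.xfer" || { rm -f "$log.xfer"; return 1; }
    [ -s "$log.xfer" ] || { echo "conversion produced no output" >&2; return 1; }
    cksum < "$log.xfer" > "$log.xfer.cksum"
}

# Step 2: carry BOTH the .xfer file and its .cksum file to the other
# machine, for example on magnetic media with cpio(1).

# Step 3 (destination machine): verify the checksum, then XDR -> native.
import_audit_log() {
    xfer=$1
    native=${xfer%.xfer}
    [ "$native" != "$xfer" ] || { echo "expected a .xfer file" >&2; return 2; }
    [ -r "$xfer.cksum" ] || { echo "missing $xfer.cksum" >&2; return 1; }
    [ "$(cksum < "$xfer")" = "$(cat "$xfer.cksum")" ] ||
        { echo "checksum mismatch for $xfer" >&2; return 3; }
    # Never overwrite an audit log already present on the destination.
    [ ! -e "$native" ] || { echo "refusing to overwrite $native" >&2; return 4; }
    auditfltr -iX -oN < "$xfer" > "$native"
}
```

The checksum is taken over the XDR file rather than the native file, because only the XDR form is the same on both machines.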