


  auditr(8)                           CLIX                           auditr(8)



  NAME

    auditr - Generates audit log reports

  SYNOPSIS

    auditr -c file [-hrFs] [-f files] [-z time] [-a time] [-p processes] [-u
    users] [-i events] [-e events]

  FLAGS

    -a time        Specifies date and time to start the report.  Date and time
                   must be in quotation marks.  Examples of valid times are as
                   follows:

                   ⊕  "yesterday 13:34"

                   ⊕  "29-feb 1988 12:01"

                   ⊕  "12/25/88 10:30"

    -c file        Specifies a file in adt format to use as input.  This file
                   is generated by the auditd command; it must be in binary
                   (not ASCII) form.

    -e events      Lists events to exclude from the report; all events except
                   these will appear in the report.  Events should either be
                   separated by a comma, or enclosed in quotation marks.
                   Valid events are open, link, unlink, exec, mount, and
                   umount.  This flag will not work with the -i flag.

    -f files       Lists files to check for accesses.

    -F             Lists only unsuccessful file accesses.

    -h             Displays a help screen.

    -i events      Lists events to include in the report; only these events
                   will appear in the report.  Events should either be
                   separated by a comma, or enclosed in quotation marks.
                   Valid events are open, link, unlink, exec, mount, and
                   umount.  This flag will not work with the -e flag.

    -L directory   Specifies an alternate directory to search for the
                   console.log file.

    -p processes   Lists programs on which to run a report.

    -r             Reports accesses made by remote users.  By default, auditr
                   reports accesses made by all users.







    -s             Lists only successful file accesses.

    -u users       Lists the users on which to run a report.

    -z time        Specifies the date and time to end the report.  Time must
                   be in quotes.

  DESCRIPTION

    The auditr command generates a report based on a file created by auditd in
    adt format.  By default, auditr will list every record in the input file.
    The report is sent to stdout.

  EXAMPLES

    1.  To report all events in /usr/adm/auditd.log, key in the following:

        auditr -c /usr/adm/auditd.log


    2.  To generate a report for a specific set of events in a specific
        timeframe, key in the following:

        auditr -c /usr/adm/auditd.log -a "yesterday 12:00" -i open,unlink

        The report generated will contain only open and unlink events that
        have occurred since 12:00 yesterday.

    3.  To report on a specific user, key in the following:

        auditr -c /usr/adm/auditd.log -u jdoe -f /etc/passwd -p login

        This report will only contain records where user jdoe accessed the
        file /etc/passwd using the process login.

  EXIT VALUES

    The auditr command exits with a value of 1 if a problem is encountered
    with the command-line arguments.

  RELATED INFORMATION

    Commands:  auditd(8)

    Files:  adt(7)









  2                                              Intergraph Corporation - 2/94



