Formats bin or stream audit records to a display device or printer.
auditpr [ -m "Message" ] [ -t { 0 | 1 | 2 } ] [ -h { e l R t c r p P T d h } ] [ -r ] [ -v ]
The auditpr command is part of the audit subsystem. This command reads audit records, in bin or stream format, from standard input and sends formatted records to standard output.
The output format is determined by the flags that are selected. If you specify the -m flag, a message is displayed before each heading. Use the -t and -h flags to change the default header titles and fields and the -v flag to append an audit trail. The auditpr command searches the local /etc/passwd file to convert user and group IDs to names.
An example of output using default header information follows:
    event    login    status    time                       command
    login    dick     OK        Fri Feb 8 14:03:57 1990    login
     . . . . . tail portion . . . . .
For examples of audit tails, see the /etc/security/audit/events file where audit tail formats are defined.
Invalid records are skipped when possible, and an error message is issued. If the command cannot recover from an error, processing stops.
-t{0 | 1 | 2} | Specifies when header titles are displayed. The default title consists of an optional message (see the -m flag) followed by the name of each column of output. |
0 | Ignores any title. |
1 | Displays a title once at the beginning of a series of records. |
2 | Displays a title before each record. |
Access Control: This command should grant execute (x) access to the root user and members of the audit group. The command should be setuid to the root user and have the trusted computing base attribute.
Mode | File |
---|---|
r | /etc/security/audit/events |
r | /etc/passwd |
r | /etc/group |
/usr/sbin/auditpr -v < /audit/trail
The /audit/trail file must contain valid audit bins or records.
/usr/sbin/auditselect -e "login == witte" /audit/trail | auditpr -v
The resulting record is formatted with the default values (e, c, l, R, and t) and includes a tail.
/usr/sbin/auditstream | /usr/sbin/auditpr -t0 -heRl
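The following is an added example, not part of the AIX documentation: a shell function that reads auditpr output in the default column layout shown earlier (event, login, status, time, command) and counts records whose status is not OK, per login and event. It assumes the time field prints as five whitespace-separated tokens, that tail lines (-v) begin with whitespace, and that any status other than OK indicates a failure; the function names and sample records are constructed for illustration.

```sh
#!/bin/sh
# Added example: summarize non-OK audit records from default auditpr output.
# Assumed record layout (whitespace-separated):
#   $1 event  $2 login  $3 status  $4-$8 time  $9 command

# count_non_ok: read formatted records on stdin and print
# "<count> <login> <event>" for each (login, event) pair with status != OK,
# highest count first.
count_non_ok() {
    awk '
        /^[ \t]/   { next }            # indented line: audit tail, not a record
        NF < 9     { next }            # title line, blank line, or short record
        $3 != "OK" { n[$2 " " $1]++ }  # key on login and event
        END        { for (k in n) print n[k], k }
    ' | sort -k1,1nr -k2
}

# sample_records: constructed sample in the default format (not real audit data).
sample_records() {
    cat <<'EOF'
event           login    status      time                     command
USER_Login      dick     OK          Fri Feb  8 14:03:57 1990 login
USER_SU         witte    FAIL        Fri Feb  8 14:05:10 1990 su
        tail portion (constructed)
USER_SU         witte    FAIL        Fri Feb  8 14:05:31 1990 su
USER_Login      dick     FAIL        Fri Feb  8 14:06:02 1990 login
EOF
}

# Stand-alone run on the constructed sample. On a live system the input
# would instead come from: /usr/sbin/auditpr -t0 < /audit/trail
sample_records | count_non_ok
```

Because the parser depends on the default columns, it should not be combined with a -h selection that drops or adds fields.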
/usr/sbin/auditpr | Specifies the path of the auditpr command. |
/etc/security/audit/config | Contains audit system configuration information. |
/etc/security/audit/events | Contains the audit events of the system. |
/etc/security/audit/objects | Contains audit events for audited objects (files). |
/etc/security/audit/bincmds | Contains auditbin backend commands. |
/etc/security/audit/streamcmds | Contains auditstream commands. |
/etc/security/audit/hosts | Contains the CPU ID to host name mappings. |
The audit command, auditcat command, auditconv command, auditselect command, auditstream command.
The auditbin daemon.
The audit subroutine.
The events file.
For general information on auditing, refer to Auditing Overview in AIX Version 4.3 System Management Guide: Operating System and Devices.
To see the steps you must take to establish an Auditing System, refer to Setting up Auditing in AIX Version 4.3 System Management Guide: Operating System and Devices.
For more information about the identification and authentication of users, discretionary access control, the trusted computing base, and auditing, refer to Security Administration in AIX Version 4.3 System Management Guide: Operating System and Devices.