Lists records from the audit log.
lsaudrec [ -h ] [ -n "Subsystem Name" ] [ -s "Selection_string" ] [ -x ] [ FieldName... ]
The lsaudrec command lists records in the audit log. The audit log is a system-wide facility for recording information about the system's operation. It can include information about the normal operation of the system as well as failures and other errors. It is meant to augment error log functionality by conveying the relationship of the error relative to other system activities. All detailed information about failures is still written to the error log.
Note: This command must be executed on the machine whose audit log is to be listed.
Records are created in the audit log by subsystems that have been instrumented to do that. For example, the Event Response subsystem runs in the background to monitor conditions defined by the administrator and then invokes one or more actions when a condition becomes true. Because this subsystem runs in the background, it is difficult for the operator or administrator to understand the total set of events that occurred and the results of any actions that were taken in response to an event. Because the Event Response subsystem records its activity in the audit log, the administrator can view Event Response subsystem activity as well as that of other subsystems through this command.
Each record in the audit log contains named fields. Each field contains a value that provides information about the situation corresponding to the record. For example, the Time field indicates when the situation occurred. Each record has a set of common fields and a set of subsystem-specific fields. The common fields are present in every record in the audit log. The subsystem-specific fields vary from record to record. Their names are only significant when used with a subsystem name because they may not be unique across all subsystems. Each record is derived from a template that defines what subsystem-specific fields are present in the record and defines a format string that is used to generate a message describing the situation. The format string may use record fields as inserts. A subsystem typically has many templates.
The field names may be used as variables in a selection string to choose which records are displayed. The selection string is matched against each record by using the referenced fields of each record to perform the match. Any records that match will be displayed. The selection string is specified with the -s flag.
A selection string is an expression composed of field names, constants and operators. The syntax of a selection string is very similar to an expression in the C programming language.
Field names may also be specified as operands to this command to choose which fields display and the order in which they display.
The common field names are:
In addition to the constants in expressions that are described in the selection string reference, the following syntax for dates and times may be used with this command.
The audit records considered for display and matched against the selection string can be restricted to a specific subsystem by using the -n flag. If this flag is present, then the subsystem-specific field names may be used in the selection string as well as the common field names.
The audit records are displayed in tabular format. If any of the field names are specified as operands, they control the fields that are displayed and the order in which they appear on each line. By default, the columns displayed are: date and time, name of the subsystem that generated the record, severity of the situation, and the subsystem-specific message that describes the situation.
-h | Writes help information about this script to standard out. No further processing is performed. |
-n "Subsystem Name" | Specifies a subsystem name. If this option is present, then only records from the subsystem identified by "Subsystem Name" are considered for display. The records displayed can be further restricted by the -s flag. If the subsystem name contains any spaces, it must be enclosed within single or double quotation marks. |
-s "Selection_String" | Specifies a Selection_String that is evaluated against each
record in the audit log. All records that match the
Selection_String are displayed.
If the Selection_String contains any spaces, it must be enclosed within single or double quotes. The names of fields within the record may be used in the expression. If the -n flag is not specified, then only the names of common fields may be used. See Description for a list of the field names and their data types. If the -n flag is present, the name of any field for the specified subsystem as well as the common field names may be used. If this flag is omitted, the records that are displayed depend on the -n option. If the -n option is omitted, all records from the audit log are displayed. Otherwise, all records for the subsystem identified by the -n option are displayed. |
-x | Suppresses header printing. |
0 | Command has run successfully |
1 | Error occurred with the RMC subsystem |
2 | Error occurred in CLI (command-line interface) program |
3 | Bad flag on command line |
4 | Bad operand on command line |
5 | User error |
All users may list records from the audit log.
lsaudrec
lsaudrec -s"Time>#000001"
lsaudrec -s'Subsystem=="abc"' Time SequenceNumber
/usr/bin/rsct/bin/lsaudrec | Location of the lsaudrec command |
The rmaudrec command.