Trusted Solaris Audit Administration

To Display Audit Records Created Before or After a Designated Date

The date-time options -b and -a select records created before or after a particular day and time. A day begins at yyyymmdd00:00:00 and ends at yyyymmdd23:59:59. A date-time value has six parameters: year, month, day, hour, minute, and second. The century digits (19) of the year are assumed and need not be specified.

The auditreduce -a command with the date shown in the following screen example sends all audit records created after midnight on July 15, 1997 through praudit to standard output.


$ auditreduce -a 97071500:00:00 | praudit

If -a is not specified, auditreduce defaults to 00:00:00, January 1, 1970.

The auditreduce -b command with the same date shown above sends all audit records created before midnight on July 15, 1997 through praudit to standard output.


$ auditreduce -b 97071500:00:00 | praudit

If -b is not specified, auditreduce defaults to the current time of day (GMT). The -d option selects a particular 24-hour period, as shown in "To Copy Login/Logout Messages to a Single File".