Trusted Solaris Audit Administration

To Find an Audit Event

    Use the message type selection for auditreduce (-m option) to find a particular audit event.

    The -m option accepts either numeric message identifiers or AUE_xxxxx event names. The example below selects all kernel-level login events in the audit trail and pipes them through praudit to display them on standard output.


    $ auditreduce -m AUE_LOGIN | praudit

    The auditreduce command rejects an incorrect format, but does not describe the correct format.
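
    A pre-check for the situation above, as an added example that is not part of the original documentation: it resolves an event name or number against the audit_event(4) table before calling auditreduce -m, so a mistyped event produces an explicit error. The function names, the sample entries and their numbers are constructed; the default path /etc/security/audit_event, the number:name:description:flags layout and the case-insensitive name match are assumptions of this helper.

```shell
#!/bin/sh
# Added example (not from the Trusted Solaris documentation).
# Needs a POSIX awk (on Solaris: nawk or /usr/xpg4/bin/awk).

# Constructed sample in the audit_event(4) layout number:name:description:flags.
# The entries and numbers are illustrative; check them against the real file.
sample_audit_event() {
cat <<'EOF'
# constructed sample entries
1:AUE_EXIT:exit(2):pm
2:AUE_FORK:fork(2):pm
6152:AUE_login:login - local:lo
6153:AUE_logout:logout:lo
EOF
}

# lookup_audit_event EVENT [FILE]
# EVENT is a numeric identifier or an AUE_ name. Prints "number name" for the
# matching entry and returns 0; prints nothing and returns 1 when none matches.
# Case-insensitive name matching is this helper's choice (assumption).
lookup_audit_event() {
    awk -F: -v want="$1" '
        /^[ \t]*#/ || NF < 4 { next }   # skip comments and malformed lines
        $1 == want || toupper($2) == toupper(want) {
            print $1, $2; found = 1; exit
        }
        END { exit (found ? 0 : 1) }
    ' "${2:-/etc/security/audit_event}"
}

# find_event EVENT [FILE]
# Runs the page's pipeline only when EVENT resolves; otherwise returns 2 with
# an explicit message instead of leaving the user to guess at the format.
find_event() {
    entry=$(lookup_audit_event "$@") || {
        echo "unknown audit event: $1 (see audit_event table)" >&2
        return 2
    }
    set -- $entry                       # $1 = number, $2 = name
    echo "selecting event $1 ($2)" >&2
    auditreduce -m "$1" | praudit
}
```

    After sourcing the file, `find_event AUE_LOGIN` takes the place of the bare pipeline and passes the resolved numeric identifier to -m.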