Selecting Records from the Audit Trail
Options to the auditreduce(1M) command enable you to select audit records based on file characteristics and record characteristics, as shown in the following table.
Table 3–1 Some Options to the auditreduce Command|
Characteristic |
Option(s) |
|---|---|
|
Time, date (start, finish) |
-d, -a, -f |
|
Host (system) ID |
-M, -h, -S |
|
Audit class |
-c |
|
Audit event |
-m |
|
Audit User ID – AUID |
-u |
|
Effective and Real User ID – EUID, RUID |
-e, -r |
|
Effective and Real Group ID – EGID, RGID |
-f, -g |
|
Process ID – PID |
-j |
|
Sensitivity label |
-s |
|
Filename |
filename |
Uppercase options select operations or parameters for files, and lowercase options select parameters for records. When piped through praudit, audit files processed by the auditreduce command are readable. Otherwise, they remain in binary format.
The merging and selecting functions of auditreduce are logically independent. The auditreduce command selects messages from the input files as the records are read, before the files are merged and written to disk.
- © 2010, Oracle Corporation and/or its affiliates