Solaris BSM provides two tools that allow you to merge, select, view, and interpret audit records. The tools can be used directly or in conjunction with third-party application programs.
The auditreduce command allows you to choose sets of records to examine. For instance, you can select all records from the past 24 hours to generate a daily report; you can select all records generated by a specific user to examine that user's activities; or you can select all records caused by a specific event type to see how often that type occurs.
The praudit command allows you to display audit records interactively and create very basic reports. praudit displays records in one of several human-readable but otherwise non-interpreted forms. You may accomplish more sophisticated display and reporting by postprocessing the output from praudit (with sed or awk, for instance) or by writing programs that interpret and process the binary audit records.
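As an added illustration of the awk postprocessing mentioned above (this is not part of the Solaris documentation), the script below counts failed login attempts per user over a few constructed lines laid out in the style of `praudit -l` output (one record per line, comma-delimited tokens); the exact token layout is assumed, and in practice the input would come from `auditreduce ... | praudit -l`.

```shell
#!/bin/sh
# Constructed sample records (not real audit output), one record per line in
# praudit -l style: header, subject, text and return tokens joined by commas.
SAMPLE_AUDIT='header,129,2,login - local,,host1,2024-01-01 09:00:00.000 -00:00,subject,alice,alice,staff,alice,staff,101,101,0 0 host1,text,successful login,return,success,0
header,129,2,login - local,,host1,2024-01-01 09:01:00.000 -00:00,subject,bob,bob,staff,bob,staff,102,102,0 0 host1,text,invalid password,return,failure,1
header,129,2,login - local,,host1,2024-01-01 09:02:00.000 -00:00,subject,bob,bob,staff,bob,staff,103,103,0 0 host1,text,invalid password,return,failure,1
header,129,2,login - local,,host1,2024-01-01 09:03:00.000 -00:00,subject,bob,bob,staff,bob,staff,104,104,0 0 host1,text,invalid password,return,failure,1
header,120,2,su,,host1,2024-01-01 09:04:00.000 -00:00,subject,carol,carol,staff,carol,staff,105,105,0 0 host1,text,failed su,return,failure,1'

# failed_logins THRESHOLD
# Reads praudit -l lines on stdin and prints "user count" for every audit user
# whose failed login records number at least THRESHOLD.  Token positions vary
# between records, so each line is scanned for the token names rather than
# relying on fixed field numbers (hypothetical helper, assumed layout).
failed_logins() {
  awk -F, -v thr="$1" '
  {
    ev = ""; user = ""; st = ""
    for (i = 1; i <= NF; i++) {
      if ($i == "header")  ev   = $(i + 3)   # event name follows count,version
      if ($i == "subject") user = $(i + 1)   # audit user id is first subject field
      if ($i == "return")  st   = $(i + 1)   # "success" or "failure..." status
    }
    if (ev ~ /^login/ && st != "success") fail[user]++
  }
  END { for (u in fail) if (fail[u] >= thr) print u, fail[u] }'
}

# Stand-alone run: report users with three or more failed logins.
printf '%s\n' "$SAMPLE_AUDIT" | failed_logins 3
```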
The following sections describe the audit record format and the praudit and auditreduce commands in more detail, and provide some hints and procedures for using the tools.