|Skip Navigation Links|
|Exit Print View|
|System Administration Guide: Security Services Oracle Solaris 11 Express 11/10|
The audit_binfile plugin creates binary audit files. Each binary audit file is a self-contained collection of records. The file's name identifies the time span during which the records were generated and the system that generated them.
Is the time that the first audit record in the audit file was generated
Is the time that the last record was written to the file
Is the name of the system that generated the file
For examples of not_terminated and closed audit file names, see How to Clean Up a not_terminated Audit File.
The timestamps in file names are used by the auditreduce command to locate records within a specific time range. These timestamps are important because there can be a month's accumulation or more of audit files online. To search all the files for records that were generated in the last 24 hours would be unacceptably expensive.
The start-time and end-time are timestamps with one-second resolution. They are specified in Coordinated Universal Time (UTC). The format is four digits for the year, followed by two digits for each month, day, hour, minute, and second, as follows:
The timestamps are in UTC to ensure that they sort in proper order, even across time zones. Because they are in UTC, the date and hour must be translated to the current time zone to be meaningful. Be aware of this point whenever you manipulate these files with standard file commands rather than with the auditreduce command.