Go to main content

Managing Auditing in Oracle^® Solaris 11.4

Exit Print View

» ...Documentation Home » Oracle Solaris 11.4 Information Library » Managing Auditing in Oracle^® ... » Viewing Audit Records » New Feature – Filtering Audit Records by ...

Updated: November 2020

Managing Auditing in Oracle^® Solaris 11.4

Document Information

Using This Documentation

Chapter 1 About Auditing in Oracle Solaris

Chapter 2 Planning for Auditing

Chapter 3 Managing the Audit Service

Chapter 4 Configuring the Formats of Audit Logs and Where They Are Stored

Chapter 5 Viewing Audit Records

Displaying Audit Trail Data

Managing Audit Records on Local Systems

New Feature – Listing the Available Audit Classes

New Feature – Listing Audit Events by Audit Class

New Feature – Filtering Audit Records by Functional Area

New Feature – Reviewing Multiple Audit Events

New Feature – Viewing a Summary of Audit Records

New Feature – Displaying Auditing Data Graphically

Chapter 6 Analyzing and Resolving Audit Issues

Chapter 7 Auditing Reference

Audit Service Glossary

Language:

New Feature – Filtering Audit Records by Functional Area

System administrators can filter common sets of audit records by functional areas such as cpu, dev, file, or net. These functional areas are called audit tags and defined in the audit_tags database. Also, administrators can create and use their own audit tags.

List the audit tags – auditconfig -lstags
Verify the audit tags – auditconfig -chktags
View events in the audit record by audit tag – auditreduce -t audit-tag
View summaries of privileged events in the audit record by audit tag – admhist -t audit-tag

For further information, see the auditconfig(8), auditreduce(8), and admhist(8) man pages.

Copyright © 2002, 2020, Oracle and/or its affiliates.