System administrators can filter common sets of audit records by functional area, such as cpu, dev, file, or net. These functional areas are called audit tags and are defined in the audit_tags database. Administrators can also create and use their own audit tags.
List the audit tags – auditconfig -lstags
Verify the audit tags – auditconfig -chktags
View events in the audit record by audit tag – auditreduce -t audit-tag
View summaries of privileged events in the audit record by audit tag – admhist -t audit-tag
For further information, see the auditconfig(8), auditreduce(8), and admhist(8) man pages.