Audit Time Now Reported in ISO 8601 Format

This feature is new in the Solaris Express 12/03 release.

The file and header tokens in audit records now report time in ISO 8601 format. For example, the output from the praudit command for the file token is as follows:

Old File Token:

file,Mon Oct 13 11:21:35 PDT 2003, + 506 msec, /var/audit/20031013175058.20031013182135.machine1

New File Token:

file,2003-10-13 11:21:35.506 -07:00, /var/audit/20031013175058.20031013182135.machine1

Old Header Token:

header,173,2,settppriv(2),,machine1, Mon Oct 13 11:23:31 PDT 2003, + 50 msec

New Header Token:

header,173,2,settppriv(2),,machine1, 2003-10-13 11:23:31.050 -07:00

The XML output has also changed. For example, the output from the praudit -x command formats the file token as follows:

<file iso8601="2003-10-13 11:21:35.506 -07:00">
/var/audit/20031013175058.20031013182135.machine1</file>

Customized scripts or tools that parse praudit output might need to be updated to accommodate this change.

For further information, see Chapter 27, “Solaris Auditing (Overview)” and “Changes to Solaris Auditing for the Solaris 10 Release” in the System Administration Guide: Security Services.