The auditreduce command can review several audit events with one iteration of the command. The auditreduce -m command accepts a one or more audit events, separated by a commas. The following example specifies three audit events from the audit trail.
$ auditreduce -m AUE_SYSTEMBOOT,6166,6153 | praudit | more file,2014-02-14 08:02:25.000-08:00, header,64,2,system booted,na,system1,2014-02-14 08:02:25.472-08:00 text,booting kernel header,54,2,init(8),na,system1,2014-02-14 08:05:36.440-08:00 text,booted return,success,0 header,52,2,system booted,na,system1.example.com,2014-02-14 08:31:29.330-08:00 text,booting kernel header,42,2,init(8),na,system1.example.com,2014-02-14 08:32:35.109-08:00 text,booted return,success,0 header,69,2,logout,,system1.example.com,2014-02-14 08:32:49.940-08:00 subject,jandoe,jandoe,staff,jandoe,staff,1075,2258250201,60120 5632 dhcp-whq-twvpn-2-vpnpool-10-159-180-35.vpn.example.com return,success,0 ...
For more information, see the auditreduce(8) man page.