
man pages section 8: System Administration Commands


Updated: Wednesday, August 8, 2018
 
 

admhist (8)

Name

admhist - display a summary of system administration related events successfully executed on the system

Synopsis

admhist [-a date-time] [-b date-time] [-d date-time] [-z zonename] 
                [-v] [-R pathname] [audit-trail-file]...
admhist [-a date-time] [-b date-time] [-d date-time] [-z zonename] 
                [-v] -R pathname

Description

The admhist command displays, in ASCII format, a summary of the system administration related events that completed successfully. By default, events are selected from the audit trail files under /var/audit. An alternate audit directory can be specified with the -R option, or specific audit trail files can be named on the command line.

Only users with the PRIV_FILE_DAC_READ privilege can use the admhist utility. If Trusted Extensions is enabled, users must have the PRIV_SYS_TRANS_LABEL privilege. Both of these privileges are included in the Audit Review rights profile.

Options

The following options are supported:

-a date-time

Selects administrative events that occurred on or after the date-time. The date-time argument is described under the 'Time Formats' section below. The -a and -b options can be used together to form a range.

-b date-time

Selects administrative events that occurred before the date-time. The date-time argument is described under the 'Time Formats' section below.

-d date-time

Selects administrative events that occurred on a specific day. The date-time argument is described under the 'Time Formats' section below.

-t [tags-file:]tag[,tag...]

Selects administrative events that match the definition for one or more of the specified tags. See the audit_tags(5) man page for more details, including information about default tag names.

-z zonename

Selects administrative events from the specified zone name. This option applies only to administrative events generated while the zonename audit policy was enabled. For more information, refer to the auditconfig(8) man page.

-v

Verbose. Includes the hostname and current working directory associated with each administrative event.

-R pathname

Specifies the pathname of an alternate directory containing audit trail files.

Time Formats

The date-time argument to the -a, -b, and -d options can take any one of the following forms:

  • An absolute date-time which has the following form:

    yyyymmdd [ hh [ mm [ ss ]]]

    where yyyy specifies a year (with 1970 as the earliest value), mm is the month (a value from 01 through 12), dd is the day (a value from 01 through 31), hh is the hour (a value from 00 through 23), mm is the minute (a value from 00 through 59), and ss is the second (a value from 00 through 59). The default value is 00 for hh, mm, and ss.

  • A plain-language description of a date, which has one of the following forms:

          today, yesterday
          last week, last month, last year
          last N hours, last N days, last N weeks, last N months, last N years

    where N is the number of units.
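
The Time Formats rules above, as an added shell example (not part of the original man page and not Oracle's code): it checks a date-time string before a scheduled job passes it to admhist -a or -b. The function names are hypothetical, and the example assumes that one optional space between fields is acceptable, that only the plural unit names listed above are valid, and that 9999 is a reasonable upper bound for the year.

```shell
#!/bin/sh
# Added example, not Oracle's code: check a date-time string against the forms
# listed under "Time Formats" before handing it to admhist -a / -b / -d.
# valid_datetime, in_range, field and review_window are hypothetical names.

in_range() {                       # in_range VALUE MIN MAX
    v=${1#0}                       # "08" -> "8" so no shell reads it as octal
    [ "$v" -ge "$2" ] && [ "$v" -le "$3" ]
}

field() { printf '%s\n' "$1" | cut -c"$2"; }   # field STRING FIRST-LAST

valid_datetime() {
    case $1 in
        today|yesterday|"last week"|"last month"|"last year")
            return 0 ;;
        "last "*" hours"|"last "*" days"|"last "*" weeks"|\
        "last "*" months"|"last "*" years")
            n=${1#last }; n=${n% *}            # text between "last" and unit
            case $n in ''|*[!0-9]*) return 1 ;; *) return 0 ;; esac ;;
    esac
    # Absolute form yyyymmdd [hh [mm [ss]]]. Assumption: one optional space
    # between fields is tolerated, since the page does not settle this.
    printf '%s\n' "$1" | grep -Eq '^[0-9]{8}( ?[0-9]{2}){0,3}$' || return 1
    d=$(printf '%s' "$1" | tr -d ' ')000000   # omitted hh, mm, ss default to 00
    in_range "$(field "$d" 1-4)" 1970 9999 &&
    in_range "$(field "$d" 5-6)" 1 12 &&
    in_range "$(field "$d" 7-8)" 1 31 &&
    in_range "$(field "$d" 9-10)" 0 23 &&
    in_range "$(field "$d" 11-12)" 0 59 &&
    in_range "$(field "$d" 13-14)" 0 59
}

# Refuse to run a scheduled review with a malformed window.
review_window() {                  # review_window START END
    if valid_datetime "$1" && valid_datetime "$2"; then
        admhist -v -a "$1" -b "$2"
    else
        echo "admhist window rejected: '$1' .. '$2'" >&2
        return 2
    fi
}
```

The range checks follow the field limits stated above (dd from 01 through 31 for every month), so calendar validity such as the length of February is not checked here.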

Files

/var/audit/*

The default location of audit trail files, when stored locally by using audit_binfile(7).

Examples

Example 1 Displaying the System Administration Events That Occurred in Zone myzone

The following command displays the system administration events that occurred in zone myzone.

# admhist -z myzone

Example 2 Displaying the System Administration Events That Occurred on the System

The following command displays the system administration events that occurred on the system in the last eight hours.

# admhist -a "last 8 hours"

Example 3 Displaying the System Administration Events That Occurred in the Past Week

The following command displays the system administration events that occurred in the past week excluding yesterday.

# admhist -a "last week" -b yesterday

Example 4 Displaying the System Administration Events Present in a Specific Audit Trail File

The following command displays the system administration events present in a specific audit trail file.

# admhist /var/audit/20150507091957.20150521095216.hostname

Attributes

See attributes(7) for descriptions of the following attributes:

ATTRIBUTE TYPE          ATTRIBUTE VALUE
Availability            system/core-os
Interface Stability     See below

The interface stability of the admhist command is Committed. The interface stability of the admhist command's output is Not-an-Interface.

See Also

audit.log(5), audit_tags(5), attributes(7), privileges(7), auditconfig(8), auditreduce(8)

Managing Auditing in Oracle Solaris 11.4