Go to main content

man pages section 8: System Administration Commands

Exit Print View

Updated: Thursday, June 13, 2019
 
 

auditstat(8)

Name

auditstat - display kernel audit statistics

Synopsis

auditstat [-n] [-v]
auditstat [-Z] [-z zone[,...]] [-T d | u] [-i interval [-c count]]

Description

auditstat displays kernel audit statistics. The fields displayed are as follows:

aud

The total number of audit records processed by the userland audit.

ctl

This field is obsolete.

drop

The total number of audit records that have been dropped. Records are dropped according to the kernel audit policy. See auditconfig(8), AUDIT_CNT policy for details.

enq

The total number of audit records put on the kernel audit queue.

gen

The total number of audit records that have been constructed (not the number written).

kern

The total number of audit records produced by user processes (as a result of system calls).

mem

The total number of Kbytes of memory currently in use by the kernel audit module.

nona

The total number of non-attributable audit records that have been constructed. These are audit records that are not attributable to any particular user.

rblk

The total number of times that the audit queue has blocked waiting to process audit data.

tot

The total number of Kbytes of audit data written to the audit trail.

wblk

The total number of times that user processes blocked on the audit queue at the high water mark.

wrtn

The total number of audit records written. The difference between enq and wrtn is the number of outstanding audit records on the audit queue that have not been written.

Options

–c count

Display the statistics a total of count times. If count is equal to zero, statistics are displayed indefinitely. A time interval must be specified.

–i interval

Display the statistics every interval where interval is the number of seconds to sleep between each collection.

–n

Display the number of kernel audit events currently configured.

–T u | d

Display a time stamp.

Specify u for a printed representation of the internal representation of time. See time(2). Specify d for standard date format. See date(1).

–v

Display the version number of the kernel audit module software.

–Z

Display statistics for all active zones. This option is only available in the global zone.

–z zone,...

Display statistics for the named zones. The named zones must be active. This option is only available in the global zone.

Exit Status

auditstat returns 0 upon success and 1 upon failure.

Attributes

See attributes(7) for descriptions of the following attributes:

ATTRIBUTE TYPE
ATTRIBUTE VALUE
Availability
system/core-os
Interface Stability
See below

The command is Committed. The output is Not-an-Interface.

See Also

zoneadm(8), attributes(7)

Managing Auditing in Oracle Solaris 11.4