aucat – linux man page
aucat – prints audit records
USAGE
aucat [OPTIONS] [-f filename]
DESCRIPTION
Aucat prints the audit records in an audit log file.
GENERAL OPTIONS
-f filename
Process audit records read from filename. The default file is
/var/log/audit.
-? Print out help screen.
FORMAT OPTIONS
-h Print out a header at the top of output that identifies the
columns of the output.
-t timeformat
Change the representation of time stamps. Valid options are:
    iso8601  print time in ISO 8601 format, i.e. as YYYY-MM-DDThh:mm:ss.
    unix     print time in standard ctime(3) format, i.e. DD MM YY hh:mm:ss.
    raw      print time as number of seconds since Jan 1, 1970.
    none     do not print any time stamps.
The default format is iso8601.
-v Print out all variables in the message; not all are printed by
default.
    default: Time, Sequence Number, PID, Login ID, Data
    all:     Time, Sequence Number, PID, Login ID, EUID, SUID, RUID,
             FSUID, EGID, RGID, SGID, FSGID, Session Number, Data
EXAMPLE
The following example shows the default output of aucat (line breaks
were added to enhance readability):
2003-08-27T17:59:00 2 2444 root LOGIN: uid=0, terminal=cron
job, executable=/usr/sbin/cron
2003-09-29T19:45:01 22332 8859 root rt_sigaction(3, [data,
len=20], [data, len=0]); result=0
2003-09-29T19:45:01 22336 8858 root close("/lib/libc.so.6");
result=0
And the same records in verbose mode:
Audit trail generated on host Idoru
2003-08-27T17:59:00 2 2444 root 0 0 0 0
0 0 0 0 0
LOGIN: uid=0, terminal=cron job,
executable=/usr/sbin/cron
2003-09-29T19:45:01 22332 8859 root 0 0 0 0
0 0 0 0 41
rt_sigaction(3, [data, len=20],
[data, len=0]); result=0
2003-09-29T19:45:01 22336 8858 root 0 0 0 0
0 0 0 0 41
close("/lib/libc.so.6"); result=0
See laus-fields(7) for a description of the printed fields.
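For post-processing, the default output shown above can be split back into its five columns. The following is an added example, not part of aucat or LAuS; the names parse_aucat, AuditRecord and login_events are hypothetical, and it assumes the default -t iso8601 time stamps and whitespace-separated columns as in the EXAMPLE section, rejoining wrapped lines into one record.

```python
import re
from typing import Iterable, Iterator, NamedTuple

# Assumption: every record starts with the default -t iso8601 time stamp.
RECORD_START = re.compile(r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\s")

class AuditRecord(NamedTuple):
    time: str
    seq: int
    pid: int
    login_id: str
    data: str

def _to_record(text: str) -> AuditRecord:
    # The first four columns are whitespace-separated; the rest is free-form Data.
    parts = text.split(None, 4)
    if len(parts) < 4:
        raise ValueError(f"short audit record: {text!r}")
    data = parts[4] if len(parts) == 5 else ""
    return AuditRecord(parts[0], int(parts[1]), int(parts[2]), parts[3], data)

def parse_aucat(lines: Iterable[str]) -> Iterator[AuditRecord]:
    """Parse default-format output; text before the first record is skipped."""
    pending = None
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if RECORD_START.match(line):
            if pending is not None:
                yield _to_record(pending)
            pending = line
        elif pending is not None:
            pending += " " + line  # wrapped continuation of the previous record
    if pending is not None:
        yield _to_record(pending)

def login_events(records: Iterable[AuditRecord]) -> list:
    return [r for r in records if r.data.startswith("LOGIN:")]

# Constructed input: the three records from the EXAMPLE section, wrapped as shown.
SAMPLE = """\
2003-08-27T17:59:00 2 2444 root LOGIN: uid=0, terminal=cron
job, executable=/usr/sbin/cron
2003-09-29T19:45:01 22332 8859 root rt_sigaction(3, [data,
len=20], [data, len=0]); result=0
2003-09-29T19:45:01 22336 8858 root close("/lib/libc.so.6");
result=0
"""
```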
FILES
/var/log/audit - default location of audit log file
