HP-UX 11i Security Containment Administrator's Guide for HP-UX 11i v2
-e process-name
Displays all events for a specific process.
> file-name
Writes output to the specified file.
It can take a few minutes to prepare the record for viewing when working with large audit logs.
When viewing your audit data, be aware of the following anomalies:
• Audit data can appear inaccurate when programs that call auditable system calls supply
incorrect parameters. The audit data shows what the user program passed to the kernel. For
example, calling the kill system call with no parameters produces unpredictable values
in the parameter section of the audit record.
• System calls that take file name arguments may not have device and inode information
properly recorded. The values will be zero if the call does not complete successfully.
• Auditing the superuser while changing the event or system call parameters will result in a
long audit record. For example, when you add an event type to be audited, a record will be
produced for each event type and system call that has been enabled for audit, not just for
the new event type being added.
Examples of Using the audisp Command
The following examples show audit information displayed using the audisp command:
• Display the log output on the screen:
    # /usr/sbin/audisp audit_file
• Direct the log output to /tmp/mylogoutput:
    # /usr/sbin/audisp audit_file > /tmp/mylogoutput
• View successful events only:
    # /usr/sbin/audisp -p audit_file
• View activities owned by user joe:
    # /usr/sbin/audisp -u joe audit_file
• View activities on terminal ttypa:
    # /usr/sbin/audisp -l ttypa audit_file
• View login events only:
    # /usr/sbin/audisp -e login audit_file