auditdp.1m (2010 09)

ManualsBrandsHP ManualsSoftwareHP-UX Manpages

auditdp(1M) auditdp(1M)

NAME

auditdp - audit data processing tool

SYNOPSIS

Path: /usr/sbin/auditdp

/usr/sbin/auditdp

{-m module | -p | -r

}[source ]

[[

-M module | -P | -X][target]]

[

-s ﬁlter_string | -S ﬁlter_ﬁle]

[

-o read_options ]

[-O write_options]

[

-n nevents]

DESCRIPTION

The

auditdp command selectively reads audit data from the source and writes the data to the target ,

converting the data format in the process. The selectively read term means that

auditdp reads only

events that meet the ﬁltering criteria.

auditdp

discards events that do not meet the ﬁltering criteria.

The sequence is always read then write. Format conversion and data selection occurs as part of the

read/write. For ﬁltering information, see the -S option and audit_dpms_ﬁlter (4).

The

auditdp command uses the Audit DPMS framework and processes primarily HP-UX audit data

(see audit_dpms (5) and audit (5)). However, the command also allows you to plug in other DPMS service

modules for data collected from another source or in another format.

The

-m, -p, and -r options specify the format of the source data. Exactly one of

-m, -p,or-r options

must be speciﬁed for input.

The

-M, -P, and -X options specify the format of the target data. Specify exactly one of these options, or

none of them.

If none of the

-M, -P, and -X options are speciﬁed,

auditdp displays the data to standard output using

the same output format that the

audisp command uses. The audisp command will be obsolete in a

future release. See audisp (1M).

Options

The

auditdp command recognizes the following options:

-M module [target]

Write audit data to the target using the speciﬁed Audit DPMS service module. The

target is the pathname of a ﬁle where to write the data. The ﬁle must not already

exist. If the target is omitted, auditdp writes the audit data to the standard out-

put.

A module argument that begins with a slash (

/) speciﬁes an absolute path of an

Audit DPMS service module to load. If module does not begin with /, then the

module is assumed to reside in one of the following locations:

/usr/lib/security/module.sl

/usr/lib/security/pa20_64/module.sl

/usr/lib/security/hpux32/module.so

/usr/lib/security/hpux64/module.so

The format of the data is determined by the module . See also audit_dpms (5).

-O option Specify the options (case insensitive) to be passed to the Audit DPMS framework

when writing to the target . To specify more than one option, use -O multiple times,

or set the option to a quoted string containing a list of options separated by spaces.

See the EXAMPLES section for some commonly used options, such as the sync

option. See also audit_dpms (5) and the DPMS service module manpages for a full

list of supported options.

-P [target] Write audit data in portable format. Portable format audit data can be ported from

system to system and is the recommended format for retention purposes. The target

is the pathname of a ﬁle where to write the data. The ﬁle must not already exist. If

the target pathname is not absolute, then the target is assumed to be relative to the

current directory. If the target is omitted, auditdp writes the audit data to the

standard output. See audit_hpux_portable(5) for more information about the

DPMS service module for the portable data.

HP-UX 11i Version 3: September 2010 − 1 − Hewlett-Packard Company 1

Summary of content (4 pages)

PAGE 1
auditdp(1M) auditdp(1M) NAME auditdp - audit data processing tool SYNOPSIS Path: /usr/sbin/auditdp /usr/sbin/auditdp {-m module | -p | -r} [source ] [[-M module | -P | -X] [target]] [-s filter_string | -S filter_file] [-o read_options ] [-O write_options] [-n nevents] A DESCRIPTION The auditdp command selectively reads audit data from the source and writes the data to the target , converting the data format in the process.
PAGE 2
auditdp(1M) -S filter_file auditdp(1M) Selectively process audit data based on the Audit DPMS configuration file specified in filter_file . See also audit_dpms_filter (4). Only the audit data matching the filtering criteria will be included in the target output. If the pathname is not absolute, the pathname is assumed to be relative to /etc/audit/dpms_filters. The -s and -S options cannot both be specified. If neither the -s nor -S option is specified, all data from the input stream is processed.
PAGE 3
auditdp(1M) auditdp(1M) See audit_dpms_filter (4) for more details about the supported attributes, operators, and types of values. You can also write a filter string in a more complex form, as long as the string is supported by the filter file. Only the audit data matching the filtering criteria will be included in the target output. The -s and -S options cannot both be specified. If neither -s nor -S is specified, all data from the input stream is processed.
PAGE 4
auditdp(1M) auditdp(1M) -XSL audreport_file_access.xsl \ -OUT file_access_history.html WARNINGS In the current release, neither the auditdp command nor the Audit DPMS framework validates whether or not a given option is supported. This feature may be provided in a future release. AUTHOR auditdp was developed by the Hewlett-Packard Company. A aA FILES /etc/audit/dpms_filters the default directory holding Audit DPMS filters for the auditdp command.