auditdp.1m (2010 09)
a
auditdp(1M) auditdp(1M)
-S filter_file Selectively process audit data based on the Audit DPMS configuration file specified
in filter_file . See also audit_dpms_filter (4). Only the audit data matching the
filtering criteria will be included in the target output. If the pathname is not abso-
lute, the pathname is assumed to be relative to
/etc/audit/dpms_filters
.
The
-s and -S options cannot both be specified. If neither the
-s nor -S option is
specified, all data from the input stream is processed.
-X [target] Write audit data in Extensible Markup Language (XML) format. The target is the
pathname of a file where to write the data. The file must not already exist. If the
target pathname is not absolute, the pathname is assumed to be relative to the
current directory. If the target is omitted,
auditdp writes the audit data to the
standard output. Further applying Extensible Stylesheet Language Transforma-
tions (XSLT) stylesheets with the resulting XML document can easily generate
"human-readable" documents, for example, web-based audit reports. Some sample
XSLT stylesheets can be found at the following directory:
/opt/audit/AudReport/xslts
There is also a sample script:
/opt/audit/AudReport/bin/audreport_generator
This script demonstrates how to use the auditdp command and the XSLT
stylesheets to generate a collection of web-based audit reports for regulation compli-
ance purposes. See the /opt/audit/AudReport/README
file for more infor-
mation about the script. See also audit_hpux_xml(5) for more information about
the DPMS service module for XML data.
-m module [source]
Read audit data from the source using the specified Audit DPMS service module.
The source is the pathname of a file where to read the data. If the source is omitted,
auditdp reads the audit data from the standard input. See the -M option descrip-
tion for an explanation of the module argument.
-n nevents Specify the number of events to display. If nevents is positive, process only the first
nevents events. If nevents is negative, process only the last nevents events. If -n is
not specified, all events are processed. This option requires one of the -M,
-P,or-
X options to be specified also.
-o option Specify the option (case insensitive) to be passed to the Audit DPMS framework
when reading from the source . To specify more than one option, use -o
multiple
times, or set option to a quoted string containing a list of options separated by
spaces. See the EXAMPLES section for some commonly used options, such as the
follow option and the no_dns option. See also audit_dpms (5) and the DPMS
service module manpages for a full list of supported options.
-p [source] Read portable format audit data. The source is the pathname of a file where to read
the data. If the source pathname is not absolute, the pathname is assumed to be
relative to the current directory. If the source is omitted, auditdp reads the audit
data from the standard input. See audit_hpux_portable(5) for more information
about the DPMS service module for the portable data.
-r [source] Read HP-UX raw audit data that was collected by the HP-UX auditing system (see
audit (5)). The source specifies the pathname to a file if the data was collected in
compatibility mode, or to a directory if the data was collected in regular mode. If
the source pathname is not absolute, the pathname is assumed to be relative to the
current directory. See audit_hpux_raw(5) for more information about the DPMS
service module for raw audit data.
-s filter_string Selectively process audit data based on the filter expression specified in the
filter_string . The filter string is typically in the form as follows:
({
+|-}attribute operator value;)+
where:
( )+ means one or more occurrences of the pattern that is in the parentheses.
2 Hewlett-Packard Company − 2 − HP-UX 11i Version 3: September 2010