auditdp.1m (2011 03)
a
auditdp(1M) auditdp(1M)
-R target Write audit data to a file in raw format. This option is allowed only when the
-r
option is also used; in other words, the input source must be HP-UX raw audit data
that was collected by the HP-UX auditing system (see audit (5)). The target is the
pathname of a file where to write the data. A target file must be specified and must
not already exist. If the target pathname is not absolute, then the target is assumed
to be relative to the current directory. See audit_hpux_raw(5) for more information
about the DPMS service module for raw audit data.
-S filter_file Selectively process audit data based on the Audit DPMS configuration file specified
in filter_file . See also audit_dpms_filter (4). Only the audit data matching the
filtering criteria will be included in the target output. If the pathname is not abso-
lute, the pathname is assumed to be relative to
/etc/audit/dpms_filters
.
The
-s and -S options cannot both be specified. If neither the
-s nor -S option is
specified, all data from the input stream is processed.
-X [target] Write audit data in Extensible Markup Language (XML) format. The target is the
pathname of a file where to write the data. The file must not already exist. If the
target pathname is not absolute, the pathname is assumed to be relative to the
current directory. If the target is omitted,
auditdp writes the audit data to the
standard output. Further applying Extensible Stylesheet Language Transforma-
tions (XSLT) stylesheets with the resulting XML document can easily generate
"human-readable" documents, for example, web-based audit reports. Some sample
XSLT stylesheets can be found at the following directory:
/opt/audit/AudReport/xslts
There is also a sample script:
/opt/audit/AudReport/bin/audreport_generator
This script demonstrates how to use the auditdp command and the XSLT
stylesheets to generate a collection of web-based audit reports for regulation compli-
ance purposes. See the /opt/audit/AudReport/README
file for more infor-
mation about the script. See also audit_hpux_xml(5) for more information about
the DPMS service module for XML data.
-m module [source]...
Read audit data from the source using the specified Audit DPMS service module.
The source is the pathname (or list of pathnames) of files containing audit data to
read. If the source is omitted, auditdp reads the audit data from the standard
input. See the -M option description for an explanation of the module argument.
-n nevents Specify the number of events to display. If nevents is positive, process only the first
nevents events. If nevents is negative, process only the last nevents events. If -n is
not specified, all events are processed. This option is allowed only when -M,
-P,or
-X is also specified.
-o option Specify the option (case insensitive) to be passed to the Audit DPMS framework
when reading from the source . To specify more than one option, use -o multiple
times, or set option to a quoted string containing a list of options separated by
spaces. See the EXAMPLES section for some commonly used options, such as the
follow option and the no_dns option. See also audit_dpms_api(3) and the
DPMS service module manpages for a full list of supported options.
-p [source]... Read portable format audit data. The source is the pathname (or list of pathnames)
of files containing audit data to read. If the source pathname is not absolute, the
pathname is assumed to be relative to the current directory. If the source is omit-
ted, auditdp reads the audit data from the standard input. See
audit_hpux_portable(5) for more information about the DPMS service module for
the portable data.
-r [source]... Read HP-UX raw audit data that was collected by the HP-UX auditing system (see
audit (5)). The source is the pathname (or list of pathnames) of files or directories
containing audit data to read. When more than one source is specified with the -r
option, the audit trail version should be the same for all sources. Merging old-
format and new-format audit trails is not supported and can lead to unexpected
results. If the source pathname is not absolute, the pathname is assumed to be
2 Hewlett-Packard Company − 2 − HP-UX 11i Version 3: March 2011