DOC HOME SITE MAP MAN PAGES GNU INFO SEARCH PRINT BOOK
 
Displaying audit trail information

Specifying the auditmap directory

By default, the auditrpt command will access the audit map files in the /var/audit/auditmap directory. The -m option of the auditrpt command allows the administrator to specify the directory which contains the audit map files. For example, you might be processing a log file from an earlier release. In this case, you want the auditing subsystem to use the map files from that system, also. If you had moved those files to the directory /etc/audit/auditmap on this system, you would tell the auditing subsystem to use these map files by entering the following command:

auditrpt -m /etc/audit/auditmap . . .

We recommend that the audit map files be archived along with the audit event log files. This will allow for the accurate translation of the numeric data contained in the archived log files. In the scenario of processing archived log files, the -m option can be used to specify the directory that contains the archived map file.


Next topic: A quick reference to reporting audit data
Previous topic: The audit map file

© 2005 The SCO Group, Inc. All rights reserved.
SCO OpenServer Release 6.0.0 -- 03 June 2005