AUREPORT:(8)	       System Administration Utilities		 AUREPORT:(8)



NAME
       aureport - a tool that produces summary reports of audit daemon logs

SYNOPSIS
       aureport [ options ]

DESCRIPTION
       aureport is a tool that produces summary reports of the audit system
       logs. The reports have a column label at the top to help with
       interpretation of the various fields. Except for the main summary
       report (-r), all reports have the audit event number. You can
       subsequently look up the full event with ausearch -a <event number>.
       You may need to specify start & stop times if you get multiple hits.
       The reports produced by aureport can be used as building blocks for
       more complicated analysis.


OPTIONS
       -a     Report about avc messages

       -c     Report about config changes

       -e     Report about events

       -f     Report about files

       --failed
	      Only select failed events for processing in  the	reports.  The
	      default is both success and failed events.

       -h     Report about hosts

       -i     Interpret	  numeric   entities  into  text. For example, uid is
	      converted to account name. The conversion	 is  done  using  the
	      current  resources   of	the machine where the search is being
	      run. If you have renamed the accounts, or don't have the	 same
	      accounts	on your machine, you could get misleading results.

       -if <file name>
	      Use the given file instead of the logs. This is to aid analysis
	      where the logs have been moved to another machine or only	 part
	      of a log was saved.

       -l     Report about logins

       -m     Report about account modifications

       -p     Report about processes

       -r     This option will output the main summary report.

       -s     Report about syscalls

       --success
	      Only  select  successful	events for processing in the reports.
	      The default is both success and failed events.

       --summary
	      Run the summary report that gives a total of  the	 elements  of
	      the main report. Not all reports have a summary.

       -t     This option will output a report of the start and end times for
	      each log.

       -te [end date] [end time]
	      Search for events with time stamps equal to or before the given
	      end time. The format of end time depends on your locale. If the
	      date is omitted, today is assumed. If the time is omitted,  now
	      is  assumed.  Use	 24  hour  clock time rather than AM or PM to
	      specify time. An example date is 10/24/05. An example  of	 time
	      is 18:00:00.

       -tm    Report about terminals

       -ts [start date] [start time]
	      Search for events with time stamps equal to or after the given
	      start time. The format of start time depends on your locale. If the
	      date is omitted, today is assumed. If the time is omitted, mid-
	      night is assumed. Use 24 hour clock time rather than AM  or  PM
	      to  specify  time.  An  example date is 10/24/05. An example of
	      time is 18:00:00.

       -u     Report about users

       -v     Print the version and exit

       -w     Report about watched files

       -x     Report about executables

SEE ALSO
       ausearch(8), auditd(8)



Red Hat				   Nov 2005			 AUREPORT:(8)
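
The DESCRIPTION says the reports can be used as building blocks and that each event number can be looked up with ausearch -a. The script below is an added example, not part of the original man page: it counts failed logins per host from a login report and prints the matching ausearch commands. The function names, the sample rows and the login report column layout shown in the sample are assumptions made for this example.

```shell
#!/bin/sh
# Added example: turn an aureport login report into ausearch lookups.
# On a live system the input would come from:  aureport -l --failed -i

# Constructed sample report (not real log data), in the column layout
# assumed here for the login report.
sample_report() {
cat <<'EOF'
Login Report
============================================
# date time auid host term exe success event
============================================
1. 10/24/05 18:00:01 alice 192.0.2.10 /dev/pts/0 /usr/sbin/sshd no 4101
2. 10/24/05 18:00:07 alice 192.0.2.10 /dev/pts/0 /usr/sbin/sshd no 4105
3. 10/24/05 18:02:30 bob 198.51.100.7 /dev/pts/1 /usr/sbin/sshd yes 4120
4. 10/24/05 18:05:12 root 203.0.113.5 /dev/pts/2 /usr/sbin/sshd no 4133
EOF
}

# Find columns by name from the "#" label line instead of hardcoding
# positions (assumes no field contains spaces). Prints "host event"
# for every row whose success column is "no".
failed_logins() {
    awk '
        $1 == "#" { for (i = 1; i <= NF; i++) col[$i] = i; next }
        $1 ~ /^[0-9]+\.$/ && ("success" in col) && ("event" in col) {
            if ($(col["success"]) == "no")
                print $(col["host"]), $(col["event"])
        }'
}

# Count failed logins per host, highest count first.
failed_by_host() {
    failed_logins | awk '{ n[$1]++ } END { for (h in n) print n[h], h }' | sort -rn
}

# Emit one ausearch command per failed event to pull the full record.
lookup_commands() {
    failed_logins | awk '{ print "ausearch -a " $2 }'
}

sample_report | failed_by_host
sample_report | lookup_commands
```

If an event number matches more than one record, narrow the ausearch lookup with start and stop times as the DESCRIPTION advises.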

