AUREPORT:(8)            System Administration Utilities           AUREPORT:(8)



NAME
       aureport - a tool that produces summary reports of audit daemon logs

SYNOPSIS
       aureport [ options ]

DESCRIPTION
       aureport  is  a  tool  that  produces summary reports of the audit system logs. The
       reports have a column label at the top to help with interpretation of  the  various
       fields.  Except  for the main summary report (-r), all reports have the audit event
       number. You can subsequently look up the full event with ausearch -a <event number>.
       You  may  need  to specify start & stop times if you get multiple hits. The reports
       produced by aureport can be used as building blocks for more complicated  analysis.


OPTIONS
       -a     Report about avc messages

       -c     Report about config changes

       -e     Report about events

       -f     Report about files

       --failed
              Only select failed events for processing in the reports. The default is both
              success and failed events.

       -h     Report about hosts

       -i     Interpret  numeric  entities into text. For example,  uid  is  converted  to
              account  name.  The  conversion is done using the current resources  of  the
              machine where the search is being run. If you have renamed the accounts,  or
              don’t  have  the   same  accounts  on your machine, you could get misleading
              results.

       -if <file name>
              Use the given file instead of the logs. This is to aid  analysis  where  the
              logs have been moved to another machine or only part of a log was saved.

       -l     Report about logins

       -m     Report about account modifications

       -p     Report about processes

       -r     This option will output the main summary report.

       -s     Report about syscalls

       --success
              Only  select successful events for processing in the reports. The default is
              both success and failed events.

       --summary
              Run the summary report that gives a  total  of  the  elements  of  the  main
              report. Not all reports have a summary.

       -t     This option will output a report of the start and end times for each log.

       -te [end date] [end time]
              Search  for  events  with time stamps equal to or before the given end time.
              The format of end time depends on your locale. If the date is omitted, today
              is  assumed.  If the time is omitted, now is assumed. Use 24 hour clock time
              rather than AM or PM to specify time. An example date is 10/24/05. An example
              of time is 18:00:00.

       -tm    Report about terminals

       -ts [start date] [start time]
              Search for events with time stamps equal to or after the given  start  time.
              The  format  of  start  time  depends on your locale. If the date is omitted,
              today is assumed. If the time is omitted, midnight is assumed. Use  24  hour
              clock time rather than AM or PM to specify time. An example date is 10/24/05.
              An example of time is 18:00:00.

       -u     Report about users

       -v     Print the version and exit

       -w     Report about watched files

       -x     Report about executables
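
       The lookup workflow from DESCRIPTION, as an added example that is not part of the
       original manual page: each report row becomes an ausearch -a lookup pinned to the
       row's own time stamp. The function names, the sample rows and the assumed row
       layout (numbered rows, date and time in columns 2 and 3, event number last) are
       assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the aureport manual): turn report rows into
# ausearch lookups. Assumed row layout: "N. date time ... event", with the
# audit event number as the LAST column.

# Constructed sample of a failed-login report (not real log data).
sample_report() {
cat <<'EOF'
Login Report
============================================
# date time auid host term exe success event
============================================
1. 10/24/05 18:00:03 root 192.0.2.10 /dev/pts/0 /usr/sbin/sshd no 4121
2. 10/24/05 18:00:09 root 192.0.2.10 /dev/pts/0 /usr/sbin/sshd no 4123
3. 10/24/05 18:02:41 alice 192.0.2.77 /dev/pts/1 /usr/sbin/sshd no 4130
EOF
}

# event_lookups [logfile]
# Reads a report on stdin and prints one ausearch command per data row.
# An optional logfile is passed on as -if, for logs copied off the host.
# When the logs come from another machine, run the report without -i so
# that local account names are not substituted for the recorded ids.
event_lookups() {
    awk -v logfile="${1:-}" '
        # Data rows are numbered "1.", "2.", ...; titles, rules and the
        # "#" column-label line never match and are skipped.
        $1 ~ /^[0-9]+\.$/ && $NF ~ /^[0-9]+$/ {
            src = (logfile != "") ? "-if " logfile " " : ""
            # -ts and -te are both set to the row time stamp, so an event
            # number that recurs elsewhere in the logs gives no extra hits.
            printf "ausearch %s-a %s -ts %s %s -te %s %s\n",
                   src, $NF, $2, $3, $2, $3
        }'
}

# On a live system the input would come from, for example:
#   aureport -l --failed -ts 10/24/05 00:00:00 -te 10/24/05 23:59:59
# Here the constructed sample is used so the script runs offline.
sample_report | event_lookups
```

       The commands are printed rather than executed, so they can be reviewed first.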

SEE ALSO
       ausearch(8), auditd(8)



Red Hat                            Nov 2005                       AUREPORT:(8)
