Administrator's Guide

-m module [source]
        Read audit data from the source using the specified Audit DPMS
        service module. The source is the pathname of the file to read
        the data from. If the source is omitted, auditdp reads the audit
        data from the standard input.

-n nevents
        Specify the number of events to display. If nevents is positive,
        process only the first nevents events. If nevents is negative,
        process only the last nevents events. If -n is not specified,
        all events are processed.

-o options
        Specify the option (case insensitive) to be passed to the Audit
        DPMS framework when reading from the source. To specify more
        than one option, use -o multiple times, or set option to a
        quoted string containing a list of options separated by spaces.

-p [source]
        Read portable format audit data. The source is the pathname of
        the file to read the data from. If the source pathname is not
        absolute, the pathname is assumed to be relative to the current
        directory. If the source is omitted, auditdp reads the audit
        data from the standard input.

-r [source]
        Read HP-UX raw audit data that was collected by the HP-UX
        auditing system (see audit(5)). The source specifies the
        pathname to a file if the data was collected in compatibility
        mode, or to a directory if the data was collected in regular
        mode. If the source pathname is not absolute, the pathname is
        assumed to be relative to the current directory.

-s filter_string
        Selectively process audit data based on the filter expression
        specified in the filter_string.

For more information, see auditdp(1M).

9.8.1 Examples of Using the auditdp Command
The following examples show audit information displayed using the auditdp command:
Read raw data from audit_trail and write portable data to ./portable.
    # auditdp -r /var/.audit/audit_trail -P portable
Read raw data and write data in the audisp display format to stdout (see Section 9.9).
    # auditdp -r /var/.audit/audit_trail
Read portable data and display only the last four events to stdout.
    # auditdp -p portable -n -4
Read and then write portable data, saving only the login events.
9.8 Using the Audit Reporting Tools 185