Skip to main content

3.10.4 Checking the Audit-related Setting Items and Commands

3.10.4 Checking the Audit-related Setting Items and Commands
Table 3-25 lists the audit-related setting items and the corresponding XSCF shell commands.
Table 3-25  Audit-related Setting Items
Setting Item Required or Optional Setting Related Command
Enabling/Disabling auditing Optional setaudit(8), showaudit(8)
Archiving an audit log (*1), deleting data Optional setaudit(8), showaudit(8)
Audit policy
- Specifying enable/disable for the specified users or application of a global policy

- Enabling/Disabling an audit class

- Enabling/Disabling an audit event

- Enabling/Disabling auditing for all users (global policy)

- Warning threshold for the audit log amount (%)

- Destination e-mail address used when the audit log amount reaches the threshold

- Suspending writing/Discarding data when the audit log reaches full capacity (*2)

Optional setaudit(8), showaudit(8)
setsmtp(8), showsmtp(8)
Displaying an audit log
- Records after the specified time

- Records before the specified time

- Records in the specified time range

- Records on a certain date (for 24 hours on a certain date in local time)

- Audit class

- Audit event

- Audit session ID

- User privileges

- Return value (success, failure, or none)

- User (name or numeric UID value)
Optional viewaudit(8)

Display an audit trail by specifying the format as described below:
- Outputting the data on a line-by-line basis

- Specifying a delimiter character (default: comma)

- Suppressing conversion from UIDs to user names and conversion from IP addresses to host names

- Outputting the data in XML format
*1 Audit log archiving is not currently supported.
*2 When an audit log reaches full capacity, only the default audit policy "count," which discards audit records, is currently supported. Do not specify "suspend."