3.10.4 Checking the Audit-related Setting Items and Commands
3.10.4 Checking the Audit-related Setting Items and Commands
Table 3-25 lists the audit-related setting items and the corresponding XSCF shell commands.
Setting Item | Required or Optional Setting | Related Command |
---|---|---|
Enabling/Disabling auditing | Optional | setaudit(8), showaudit(8) |
Archiving an audit log (*1), deleting data | Optional | setaudit(8), showaudit(8) |
Audit policy - Specifying enable/disable for the specified users or application of a global policy - Enabling/Disabling an audit class - Enabling/Disabling an audit event - Enabling/Disabling auditing for all users (global policy) - Warning threshold for the audit log amount (%) - Destination e-mail address used when the audit log amount reaches the threshold - Suspending writing/Discarding data when the audit log reaches full capacity (*2) |
Optional | setaudit(8), showaudit(8) setsmtp(8), showsmtp(8) |
Displaying an audit log - Records after the specified time - Records before the specified time - Records in the specified time range - Records on a certain date (for 24 hours on a certain date in local time) - Audit class - Audit event - Audit session ID - User privileges - Return value (success, failure, or none) - User (name or numeric UID value) |
Optional | viewaudit(8) |
Display an audit trail by specifying the format as described below: - Outputting the data on a line-by-line basis - Specifying a delimiter character (default: comma) - Suppressing conversion from UIDs to user names and conversion from IP addresses to host names - Outputting the data in XML format |
||
*1 Audit log archiving is not currently supported. *2 When an audit log reaches full capacity, only the default audit policy "count," which discards audit records, is currently supported. Do not specify "suspend." |
< Previous Page | Next Page >