Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

auditstat(1m) [sunos man page]

auditstat(1M)						  System Administration Commands					     auditstat(1M)

NAME

       auditstat - display kernel audit statistics

SYNOPSIS

       auditstat [-c count] [-h numlines] [-i interval] [-n] [-v]

DESCRIPTION

       auditstat displays kernel audit statistics. The fields displayed are as follows:

       aud	The total number of audit records processed by the audit(2) system call.

       ctl	This field is obsolete.

       drop	The  total  number  of	audit  records that have been dropped. Records are dropped according to the kernel audit policy. See audi-
		ton(2), AUDIT_CNT policy for details.

       enq	The total number of audit records put on the kernel audit queue.

       gen	The total number of audit records that have been constructed (not the number written).

       kern	The total number of audit records produced by user processes (as a result of system calls).

       mem	The total number of Kbytes of memory currently in use by the kernel audit module.

       nona	The total number of non-attributable audit records that have been constructed. These are audit records that are  not  attributable
		to any particular user.

       rblk	The total number of times that auditsvc(2) has blocked waiting to process audit data.

       tot	The total number of Kbytes of audit data written to the audit trail.

       wblk	The total number of times that user processes blocked on the audit queue at the high water mark.

       wrtn	The  total  number of audit records written. The difference between enq and wrtn is the number of outstanding audit records on the
		audit queue that have not been written.

OPTIONS

       -c count        Display the statistics a total of count times. If count is equal to zero, statistics are displayed  indefinitely.   A  time
		       interval must be specified.

       -h numlines     Display	a  header  for every  numlines of statistics printed. The default is to display the header every 20 lines. If num-
		       lines is equal to zero, the header is never displayed.

       -i interval     Display the statistics every interval where interval is the number of seconds to sleep between each collection.

       -n	       Display the number of kernel audit events currently configured.

       -v	       Display the version number of the kernel audit module software.

EXIT STATUS

       auditstat returns 0 upon success and 1 upon failure.

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Availability		     |SUNWcsu			   |
       +-----------------------------+-----------------------------+

SEE ALSO

       auditconfig(1M), praudit(1M), bsmconv(1M), audit(2), auditon(2), auditsvc(2), attributes(5)

NOTES

       The functionality described in this man page is available only if the Basic Security Module (BSM) has been enabled.  See   bsmconv(1M)  for
       more information.

SunOS 5.10							    6 May 1993							     auditstat(1M)

Check Out this Related Man Page

audit(2)																  audit(2)

NAME

       audit - write a record to the audit log

SYNOPSIS

       cc [ flag ... ] file ... -lbsm -lsocket -lnsl  [ library... ]
       #include <sys/param.h>
       #include <bsm/libbsm.h>

       int audit(caddr_t record, int length);

       The  audit() function is used to write a record to the system audit log. The data pointed to by	record is written to the log after a mini-
       mal  consistency check, with the length parameter specifying the size of the record  in bytes.  The data  should  be  a	well-formed  audit
       record as described by  audit.log(4).

       The  kernel  validates the record header token type and length,	and sets the time stamp value before writing the record to the	audit log.
       The kernel does not do any preselection for  user-level generated events. If the audit policy  is  set  to   include  sequence  or  trailer
       tokens, the kernel will append
	them to the record.

       Upon successful completion, 0 is returned.  Otherwise, -1 is returned and errno is set to indicate the error.

       The audit() function will fail if:

       EFAULT	       The record argument points outside the process's allocated address space.

       EINVAL	       The  record  header  token ID is invalid or the length is  either less than the header token size or greater than MAXAUDIT-
		       DATA.

       EPERM	       The {PRIV_PROC_AUDIT} privilege is not asserted in the effective set of the calling process.

USAGE

       Only privileged processes can successfully execute this call.

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Interface Stability	     |Stable			   |
       +-----------------------------+-----------------------------+
       |MT-Level		     |MT-Safe			   |
       +-----------------------------+-----------------------------+

       bsmconv(1M), auditd(1M), auditon(2), auditsvc(2), getaudit(2), audit.log(4), attributes(5), privileges(5)

       The functionality described in this man page is available only if the Basic Security Module (BSM) has been  enabled.  See  bsmconv(1M)  for
       more information.

								    31 Mar 2005 							  audit(2)
Man Page