xref: /freebsd/contrib/openbsm/bin/praudit/praudit.1 (revision 1f4bcc459a76b7aa664f3fd557684cd0ba6da352)
1.\" Copyright (c) 2004-2009 Apple Inc.
2.\" All rights reserved.
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1.  Redistributions of source code must retain the above copyright
8.\"     notice, this list of conditions and the following disclaimer.
9.\" 2.  Redistributions in binary form must reproduce the above copyright
10.\"     notice, this list of conditions and the following disclaimer in the
11.\"     documentation and/or other materials provided with the distribution.
12.\" 3.  Neither the name of Apple Inc. ("Apple") nor the names of
13.\"     its contributors may be used to endorse or promote products derived
14.\"     from this software without specific prior written permission.
15.\"
16.\" THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND
17.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19.\" ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR
20.\" ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
24.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
25.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
26.\" POSSIBILITY OF SUCH DAMAGE.
27.\"
28.Dd August 4, 2009
29.Dt PRAUDIT 1
30.Os
31.Sh NAME
32.Nm praudit
33.Nd "print the contents of audit trail files"
34.Sh SYNOPSIS
35.Nm
36.Op Fl lnpx
37.Op Fl r | s
38.Op Fl d Ar del
39.Op Ar
40.Sh DESCRIPTION
41The
42.Nm
43utility prints the contents of the audit trail files to the standard output in
44human-readable form.
45If no
46.Ar file
47argument is specified, the standard input is used
48by default.
49.Pp
50The options are as follows:
51.Bl -tag -width indent
52.It Fl d Ar del
53Specifies the delimiter.
54The default delimiter is the comma.
55.It Fl l
56Prints the entire record on the same line.
57If this option is not specified,
58every token is displayed on a different line.
59.It Fl n
60Do not convert user and group IDs to their names but leave in their
61numeric forms.
62.It Fl p
63Specify this option if input to
64.Nm
65is piped from the
66.Xr tail 1
67utility.
68This causes
69.Nm
70to sync to the start of the next record.
71.It Fl r
72Prints the records in their raw, numeric form.
73This option is exclusive from
74.Fl s .
75.It Fl s
76Prints the tokens in their short form.
77Short text representations for
78record and event type are displayed.
79This option is exclusive from
80.Fl r .
81.It Fl x
82Print audit records in the XML output format.
83.El
84.Pp
85If the raw or short forms are not specified, the default is to print the tokens
86in their long form.
87Events are displayed as per their descriptions given in
88.Pa /etc/security/audit_event ;
89UIDs and GIDs are expanded to their names;
90dates and times are displayed in human-readable format.
91.Sh FILES
92.Bl -tag -width ".Pa /etc/security/audit_control" -compact
93.It Pa /etc/security/audit_class
94Descriptions of audit event classes.
95.It Pa /etc/security/audit_event
96Descriptions of audit events.
97.El
98.Sh SEE ALSO
99.Xr auditreduce 1 ,
100.Xr audit 4 ,
101.Xr auditpipe 4 ,
102.Xr audit_class 5 ,
103.Xr audit_event 5
104.Sh HISTORY
105The OpenBSM implementation was created by McAfee Research, the security
106division of McAfee Inc., under contract to Apple Computer Inc.\& in 2004.
107It was subsequently adopted by the TrustedBSD Project as the foundation for
108the OpenBSM distribution.
109.Sh AUTHORS
110.An -nosplit
111This software was created by McAfee Research, the security research division
112of McAfee, Inc., under contract to Apple Computer Inc.
113Additional authors include
114.An Wayne Salamon ,
115.An Robert Watson ,
116and SPARTA Inc.
117.Pp
118The Basic Security Module (BSM) interface to audit records and audit event
119stream format were defined by Sun Microsystems.
120