Diffstat (limited to 'contrib/openbsm/bin/auditreduce/auditreduce.1')
-rw-r--r-- | contrib/openbsm/bin/auditreduce/auditreduce.1 | 154 |
1 files changed, 0 insertions, 154 deletions
diff --git a/contrib/openbsm/bin/auditreduce/auditreduce.1 b/contrib/openbsm/bin/auditreduce/auditreduce.1 deleted file mode 100644 index 9ae97263aa64..000000000000 --- a/contrib/openbsm/bin/auditreduce/auditreduce.1 +++ /dev/null 
@@ -1,154 +0,0 @@ -.\" Copyright (c) 2004 Apple Computer, Inc. -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of -.\" its contributors may be used to endorse or promote products derived -.\" from this software without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR -.\" ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING -.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -.\" POSSIBILITY OF SUCH DAMAGE. 
-.\" -.\" $P4: //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.1#10 $ -.\" -.Dd January 24, 2004 -.Dt AUDITREDUCE 1 -.Os -.Sh NAME -.Nm auditreduce -.Nd "select records from audit trail files" -.Sh SYNOPSIS -.Nm auditreduce -.Op Fl A -.Op Fl a Ar YYYYMMDD[HH[MM[SS]]] -.Op Fl b Ar YYYYMMDD[HH[MM[SS]]] -.Op Fl c Ar flags -.Op Fl d Ar YYYYMMDD -.Op Fl e Ar euid -.Op Fl f Ar egid -.Op Fl g Ar rgid -.Op Fl r Ar ruid -.Op Fl u Ar auid -.Op Fl j Ar id -.Op Fl m Ar event -.Op Fl o Ar object=value -.Op Ar file ... -.Sh DESCRIPTION -The -.Nm -utility selects records from the audit trail files based on the specified -criteria. -Matching audit records are printed to the standard output in -their raw binary form. -If no filename is specified, the standard input is used -by default. -Use the -.Nm praudit -utility to print the selected audit records in human-readable form. -See -.Xr praudit 1 -for more information. -.Pp -The options are as follows: -.Bl -tag -width Ds -.It Fl A -Select all records. -.It Fl a Ar YYYYMMDD[HH[MM[SS]]] -Select records that occurred after or on the given datetime. -.It Fl b Ar YYYYMMDD[HH[MM[SS]]] -Select records that occurred before the given datetime. -.It Fl c Ar flags -Select records matching the given audit classes specified as a comma -separated list of audit flags. -See -.Xr audit_control 5 -for a description of audit flags. -.It Fl d Ar YYYYMMDD -Select records that occurred on a given date. -This option cannot be used with -.Fl a -or -.Fl b . -.It Fl e Ar euid -Select records with the given effective user id or name. -.It Fl f Ar egid -Select records with the given effective group id or name. -.It Fl g Ar rgid -Select records with the given real group id or name. -.It Fl r Ar ruid -Select records with the given real user id or name. -.It Fl u Ar auid -Select records with the given audit id. -.It Fl j Ar id -Select records having a subject token with matching ID. 
-.It Fl m Ar event -Select records with the given event name or number. -See -.Xr audit_event 5 -for a description of audit event names and numbers. -.It Fl o Ar object=value -.Bl -tag -width Ds -.It Nm file -Select records containing the given path name. -file="/usr" matches paths -starting with -.Pa usr . -file="~/usr" matches paths not starting with -.Pa usr . -.It Nm msgqid -Select records containing the given message queue id. -.It Nm pid -Select records containing the given process id. -.It Nm semid -Select records containing the given semaphore id. -.It Nm shmid -Select records containing the given shared memory id. -.El -.El -.Sh Examples -.Pp -To select all records associated with effective user ID root from the audit -log -.Pa /var/audit/20031016184719.20031017122634 : -.Pp -.Nm --e root /var/audit/20031016184719.20031017122634 -.Pp -To select all -.Xr setlogin 2 -events from that log: -.Pp -.Nm --m AUE_SETLOGIN /var/audit/20031016184719.20031017122634 -.Sh SEE ALSO -.Xr praudit 1 , -.Xr audit_control 5 , -.Xr audit_event 5 -.Sh AUTHORS -This software was created by McAfee Research, the security research division -of McAfee, Inc., under contract to Apple Computer Inc. -Additional authors include Wayne Salamon, Robert Watson, and SPARTA Inc. -.Pp -The Basic Security Module (BSM) interface to audit records and audit event -stream format were defined by Sun Microsystems. -.Sh HISTORY -The OpenBSM implementation was created by McAfee Research, the security -division of McAfee Inc., under contract to Apple Computer Inc. in 2004. -It was subsequently adopted by the TrustedBSD Project as the foundation for -the OpenBSM distribution. |
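Review bot: the single hunk (`@@ -1,154 +0,0 @@`) removes all 154 lines of auditreduce.1, and this view, limited to that one path, shows nothing taking its place. The commit message should say where the manual page now comes from, or that auditreduce itself is being removed. The pages named in its SEE ALSO section, praudit(1), audit_control(5) and audit_event(5), should be checked for references back to auditreduce(1) that would be left dangling. If the text is carried over to a new location, two defects in the removed lines are worth fixing on the way. The `-o file` description says `file="/usr"` matches paths starting with `usr`, which drops the leading slash. The section header is written `.Sh Examples`, while every other header in the page is upper-case.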