|
|  以 PDF 格式下載這本書
NAME
- auditstat - Display kernel audit statistics
SYNOPSIS
-
auditstat [-c count] [-h numlines] [-i interval] [-n] [-v]
AVAILABILITY
- SUNWcsu
DESCRIPTION
-
auditstat displays kernel audit statistics. These fields display total number:
-
-
aud
- Audit records processed by the audit(2TSOL) system call
-
-
ctl
- Obsolete
-
-
drop
- Audit records that have been dropped according to the kernel audit policy. See auditon(2TSOL), AUDIT_CNT policy for details.
-
-
enq
- Audit records put on the kernel audit queue
-
-
gen
- Audit records that have been constructed (not the number written)
-
-
kern
- Audit records produced by user processes (as a result of system calls)
-
mem Kbytes of memory currently in use by the kernel audit module
-
nona Nonattributable (not attributable to any particular user) audit records that have been constructed
-
-
rblk
- Times that auditsvc(2TSOL) has blocked waiting-to-process audit data
-
-
tot
- Kbytes of audit data written to the audit trail
-
wblk Times that user processes blocked on the audit queue at the high-water mark
-
-
wrtn
- Audit records written. The difference between enq and wrtn is the number of outstanding audit records on the audit queue that have not been written.
OPTIONS
-
-
-c count
- Display the statistics a total of count times. If count is equal to zero, statistics are displayed indefinitely. A time interval must be specified.
-
-
-h numlines
- Display a header for every numlines of statistics printed. The default displays the header every 20 lines. If numlines is equal to zero, the header is never displayed.
-
-
-i interval
- Display the statistics every interval where interval is the number of seconds to sleep between collections.
-
-
-n
- Display the number of kernel audit events currently configured.
-
-
-v
- Display the version number of the kernel audit-module software.
ERRORS
- Upon success, auditstat returns 0 .Upon failure, auditstat returns 1 .
SUMMARY OF TRUSTED
- By default, the audit module is enabled on Trusted Solaris systems. To succeed, this command requires the sys_audit privilege.
SOLARIS CHANGES
SEE ALSO
-
auditconfig(1MTSOL), praudit(1MTSOL), audit(2TSOL), auditon(2TSOL), auditsvc(2TSOL) Trusted Solaris Audit Administration Manual
NOTES
- This functionality is active only if the audit module has been enabled. By default, auditing is enabled in the Trusted Solaris environment. See Trusted Solaris Audit Administration Manual for how to disable and enable auditing.
|
|
