FUJITSU SPARC M4000 User Manual

Chapter 2 Setting Up XSCF

2-63

Note –

(1) If audit is disabled, writing to the audit trail is stopped, all requests to the

log file transfer to the log archive function are also stopped. When audit is enabled,
writing restarts. Rebooting the system disables and then enables access auditing.
Also, the local audit file of XSCF have the primary and secondary files. The data is
kept as is even if you perform archiving unless it exceeds the threshold of audit file.
Therefore, the usage of the audit file never becomes 0.

Note –

(2) For detail of global policy, see the Administration Guide.

Display audit
trail

Displays an audit trail.
To display an audit trail, select one of the items
listed below.
Data is displayed in units of audit records.
• Records after the specified time
• Records before the specified time
• Records the specified range of time
• Records on a specific date (24 hours of

records on that date in local time)

• Audit class
• Audit event
• Audit session ID
• User privilege
• Return value (success, failure, or none)
• User (name or UID)
Also, to display an audit trail, specify the
following formats:
• Line by line printing
• Delimiter specified (The default delimiter is

the comma.)

• Suppressing conversion of UIDs into user

names and IP addresses into hostnames

• Printing in XML format
(Note 5)

viewaudit

• To use a delimiter as part of

input data, enclose it in
quotation marks. Up to
three delimiters can be
used.

• The return values are as

follows:

Success: 0
Failure: Other then 0
none: No return value
("none" indicates that no audit
token has a return value.)

TABLE 2-13

Audit Administration (Continued)

Item

Description

Shell
Command

Remarks