FUJITSU SPARC M4000 User Manual

<Example> Display all audit records.

XSCF> viewaudit

file,1,2006-04-26 21:37:25.626

+00:00,20060426213725.0000000000.SCF-4-0

header,20,1,audit - start,0.0.0.0,2006-04-26 21:37:25.660 +00:00

header,43,1,authenticate,0.0.0.0,2006-04-26 22:01:28.902 +00:00

authentication,failure,,unknown user,telnet 27652 0.0.197.33

header,37,1,login - telnet,0.0.0.0,2006-04-26 22:02:26.459 +00:00

subject,1,opl,normal,telnet 50466 10.18.108.4

header,78,1,command - setprivileges,0.0.0.0,2006-04-26

22:02:43.246 +00:00

subject,1,opl,normal,telnet 50466 10.18.108.4

command,setprivileges,opl,useradm

platform access,granted

return,0

Appendix B XSCF Log Information

B-11

In the example above, By default records are displayed in text format, one token
per line, with a comma as the field separator.

The following list displays the Token types and their data (in display order):

■

File Token

Label, version, time, filename

■

Header Token

Label, record byte count, version, event type, machine address, time (event
recorded)

■

Subject Token

Label, audit session ID, UID, mode of operation, terminal type, remote IP
address, remote port

■

Upriv Token

Label, success/failure

■

Udpriv Token

Label, success/failure, privilege name, domain1, ... , domainN

■

Command Token

Label, command name, argument1, ... , argumentN

■

Authentication Token

Label, authentication result, user name, message, terminal type, remote IP
address, remote port

■

Return Token

Label, return value