7.8. Creating Audit Reports
The aureport utility allows you to generate summary and columnar reports on the events recorded in Audit log files. By default, all audit.log files in the /var/log/audit/ directory are queried to create the report. To run the report against a different file, use the aureport options -if file_name command.
Example 7.7. Using aureport to generate Audit reports
To generate a report for logged events in the past three days excluding the current example day, use the following command:
~]# aureport --start 04/08/2013 00:00:00 --end 04/11/2013 00:00:00
To generate a report of all executable file events, use the following command:
~]# aureport -x
To generate a summary of the executable file event report above, use the following command:
~]# aureport -x --summary
To generate a summary report of failed events for all users, use the following command:
~]# aureport -u --failed --summary -i
To generate a summary report of all failed login attempts for each system user, use the following command:
~]# aureport --login --summary -i
To generate a report from an ausearch query that searches all file access events for user 500, use the following command:
~]# ausearch --start today --loginuid 500 --raw | aureport -f --summary
To generate a report of all Audit files that are queried and the time range of events they include, use the following command:
~]# aureport -t
For a full listing of all aureport options, see the aureport(8) man page.
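The first command in Example 7.7 hard-codes its dates. The following added example (not part of the original guide) computes the same kind of window relative to a given day and runs the example's summary reports over it. It assumes GNU date, the MM/DD/YYYY date form shown above, and a hypothetical output directory, /var/tmp/audit-reports.

```shell
#!/bin/bash
# Added example: rolling-window versions of the aureport commands from
# Example 7.7, intended to be run as root (for instance from a daily cron job).

# Print "--start MM/DD/YYYY 00:00:00 --end MM/DD/YYYY 00:00:00" covering the
# N full days before END_DAY (YYYY-MM-DD, default: today), excluding END_DAY.
# Assumption: MM/DD/YYYY as in the guide's example; aureport parses dates
# according to the locale it runs under, so adjust the format if yours differs.
audit_window() {
    local days=$1 end_day=${2:-$(date +%Y-%m-%d)}
    local end_epoch start_epoch
    # Do the arithmetic in UTC so a DST change cannot shift the calendar day.
    end_epoch=$(date -u -d "$end_day" +%s) || return 1
    start_epoch=$(( end_epoch - days * 86400 ))
    printf '%s %s 00:00:00 %s %s 00:00:00\n' \
        --start "$(date -u -d "@$start_epoch" +%m/%d/%Y)" \
        --end   "$(date -u -d "@$end_epoch" +%m/%d/%Y)"
}

# Run the guide's summary reports over that window, one output file per report.
# The default output directory is a hypothetical path chosen for this example.
run_reports() {
    local days=$1 out_dir=${2:-/var/tmp/audit-reports}
    local window
    command -v aureport >/dev/null || { echo "aureport not found" >&2; return 127; }
    window=$(audit_window "$days") || return 1
    # Reports expose user names and executed commands: keep them root-only.
    mkdir -p "$out_dir" && chmod 700 "$out_dir" || return 1
    # $window is deliberately unquoted: it expands to six separate arguments.
    aureport $window -x --summary             > "$out_dir/executables.txt"
    aureport $window -u --failed --summary -i > "$out_dir/failed-by-user.txt"
    aureport $window --login --summary -i     > "$out_dir/logins.txt"
}

# Only act when called as: script.sh run [DAYS] [OUT_DIR]
if [ "${1:-}" = "run" ]; then
    run_reports "${2:-3}" "${3:-}"
fi
```

Calling audit_window 3 2013-04-11 reproduces the date arguments of the first command in Example 7.7.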