Este conteúdo não está disponível no idioma selecionado.
7.8. Creating Audit Reports
The aureport utility allows you to generate summary and columnar reports on the events recorded in Audit log files. By default, all
audit.log
files in the /var/log/audit/
directory are queried to create the report. You can specify a different file to run the report against using the aureport options -if file_name
command.
Example 7.8. Using aureport
to Generate Audit Reports
To generate a report for logged events in the past three days excluding the current example day, use the following command:
~]# aureport --start 04/08/2013 00:00:00 --end 04/11/2013 00:00:00
To generate a report of all executable file events, use the following command:
~]# aureport -x
To generate a summary of the executable file event report above, use the following command:
~]# aureport -x --summary
To generate a summary report of failed events for all users, use the following command:
~]# aureport -u --failed --summary -i
To generate a summary report of all failed login attempts per each system user, use the following command:
~]# aureport --login --summary -i
To generate a report from an
ausearch
query that searches all file access events for user ID 1000
, use the following command:
~]# ausearch --start today --loginuid 1000 --raw | aureport -f --summary
To generate a report of all Audit files that are queried and the time range of events they include, use the following command:
~]# aureport -t
For a full listing of all
aureport
options, see the aureport(8) man page.