AudioCodes Mediant 8000 - Page 323

Version 6.6 323 October 2014
Installation & Operation Manual 33. Configuring Security Settings
Use the -ts and -te (for start time and end time) options with any of the above
commands to limit your reports to a certain time frame. Use the -i option with any of
these commands to transform numeric entities to human-readable text.
For example, the following command creates a login report for the time between 8 am
and 5:30 pm on the current day and converts numeric entries to text:
client238::~# aureport -ts 8:00 -te 17:30 -l -i
Login Report
# date time auid host term exe success event
1. 08/11/2009 08:54:04 ems 10.13.2.19 /dev/pts/0 /usr/sbin/sshd yes 299898
2. 08/11/2009 09:37:17 root 10.7.2.37 /dev/pts/2 /usr/sbin/sshd yes 302103
Use the ausearch command to find a detailed log entry of individual events.
ausearch -a audit_event_id shows all audit trail records carrying a particular
audit event ID. Each audit event message is logged along with a message ID
consisting of a UNIX epoch time stamp plus a unique event ID separated by a
colon. All events that are logged from one application's system call have the
same event ID. As one application's system call may trigger several events to be
logged, you are likely to retrieve more than one record from the log.
ausearch -ul login_id shows all audit trail records associated with a particular
login user ID. It displays any records related to the user login ID specified,
provided that the user had been able to log in successfully.
ausearch -m message_type shows all audit trail records related to a particular
message type. Examples of valid message types include PATH, SYSCALL,
USER_LOGIN. Invoking ausearch -m without a message type displays a list of
all message types.
ausearch -f filename shows all audit trail records containing a certain filename.
Using the filename alone works well; however, using relative paths does not.
ausearch -p process_id shows all audit trail records related to a certain
process ID.
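
The message ID structure described above (epoch time stamp, colon, event ID) is what lets the several records of one system call be tied together. The following is an added example, not part of the manual: it parses raw audit records and groups or filters them the way ausearch -a and ausearch -m do. The sample records are constructed, and the raw line layout (type=... msg=audit(seconds.milliseconds:event_id): ...) is the usual Linux audit.log layout, assumed here to apply to this system.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample records (not from the manual), in the usual raw layout:
# type=<TYPE> msg=audit(<epoch seconds>.<milliseconds>:<event ID>): <fields>
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1249980844.512:4101): syscall=2 success=yes pid=4211 auid=0 exe="/usr/bin/vi"
type=CWD msg=audit(1249980844.512:4101): cwd="/root"
type=PATH msg=audit(1249980844.512:4101): item=0 name="/etc/audit/audit.conf" inode=1181
type=USER_LOGIN msg=audit(1249983437.004:4102): pid=4390 auid=0 msg='acct="root" exe="/usr/sbin/sshd" res=success'
damaged line without a message ID
"""

RECORD_RE = re.compile(
    r"^type=(?P<type>\S+) msg=audit\((?P<sec>\d+)\.(?P<ms>\d{3}):(?P<id>\d+)\): (?P<body>.*)$"
)

def parse_records(text):
    """Yield one dict per well-formed record; lines without a message ID are skipped."""
    for line in text.splitlines():
        m = RECORD_RE.match(line)
        if m is None:
            continue
        # Convert the epoch time stamp to a readable UTC time.
        stamp = datetime.fromtimestamp(int(m["sec"]), tz=timezone.utc)
        yield {
            "type": m["type"],
            "event_id": int(m["id"]),
            "time": stamp.replace(microsecond=int(m["ms"]) * 1000),
            "body": m["body"],
        }

def group_by_event(records):
    """Collect the records that share an event ID (what ausearch -a returns for one ID)."""
    events = defaultdict(list)
    for rec in records:
        events[rec["event_id"]].append(rec)
    return dict(events)

def by_type(records, message_type):
    """Keep only records of one message type (the ausearch -m view)."""
    return [r for r in records if r["type"] == message_type]

if __name__ == "__main__":
    for event_id, recs in group_by_event(parse_records(SAMPLE_LOG)).items():
        print(event_id, recs[0]["time"].isoformat(), [r["type"] for r in recs])
```
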
Use the -ts and -te (for start time and end time) options with any of the above
commands to limit your reports to a certain time frame. Use the -i option with any of
these commands to transform numeric entities to human-readable text.
For example, the following command searches for all audit events related to
the /etc/audit/audit.conf file that occurred within the last week:
