Appendix B XSCF Log Information B-11
In the example above, By default records are displayed in text format, one token
per line, with a comma as the field separator.
The following list displays the Token types and their data (in display order):
â– File Token
Label, version, time, filename
â– Header Token
Label, record byte count, version, event type, machine address, time (event
recorded)
â– Subject Token
Label, audit session ID, UID, mode of operation, terminal type, remote IP
address, remote port
â– Upriv Token
Label, success/failure
â– Udpriv Token
Label, success/failure, privilege name, domain1, ... , domainN
â– Command Token
Label, command name, argument1, ... , argumentN
â– Authentication Token
Label, authentication result, user name, message, terminal type, remote IP
address, remote port
â– Return Token
Label, return value
<Example> Display all audit records.
XSCF> viewaudit
file,1,2006-04-26 21:37:25.626
+00:00,20060426213725.0000000000.SCF-4-0
header,20,1,audit - start,0.0.0.0,2006-04-26 21:37:25.660 +00:00
header,43,1,authenticate,0.0.0.0,2006-04-26 22:01:28.902 +00:00
authentication,failure,,unknown user,telnet 27652 0.0.197.33
header,37,1,login - telnet,0.0.0.0,2006-04-26 22:02:26.459 +00:00
subject,1,opl,normal,telnet 50466 10.18.108.4
header,78,1,command - setprivileges,0.0.0.0,2006-04-26
22:02:43.246 +00:00
subject,1,opl,normal,telnet 50466 10.18.108.4
command,setprivileges,opl,useradm
platform access,granted
return,0
To Next Page
Loading...
Need help?
General
