Version 6.6
323
October 2014
Installation & Operation Manual
33. Configuring Security Settings
Use the -ts and -te (for start time and end time) options with any of the above commands to limit your reports to a certain time frame. Use the -i option with any of these commands to transform numeric entities to human-readable text.
For example, the following command creates a login report for the time between 8 am
and 5:30 pm on the current day and converts numeric entries to text:
client238::~# aureport -ts 8:00 -te 17:30 -l -i
Login Report
# date time auid host term exe success event
1. 08/11/2009 08:54:04 ems 10.13.2.19 /dev/pts/0 /usr/sbin/sshd yes 299898
2. 08/11/2009 09:37:17 root 10.7.2.37 /dev/pts/2 /usr/sbin/sshd yes 302103
Use the ausearch command to find a detailed log entry of individual events.
ausearch -a audit_event_id – shows all audit trail records carrying a particular audit event ID. Each audit event message is logged along with a message ID consisting of a UNIX epoch time stamp plus a unique event ID separated by a colon. All events that are logged from one application's system call have the same event ID. As one application's system call may trigger several events to be logged, you are likely to retrieve more than one record from the log.
ausearch -ul login_id – shows all audit trail records associated with a particular login user ID. It displays any records related to the specified user login ID, provided that the user had been able to log in successfully.
ausearch -m message_type – shows all audit trail records related to a particular message type. Examples of valid message types include PATH, SYSCALL, USER_LOGIN. Invoking ausearch -m without a message type displays a list of all message types.
ausearch -f filename – shows all audit trail records containing a certain filename. Using the filename alone works well; however, using relative paths does not.
ausearch -p process_id – shows all audit trail records related to a certain process ID.
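The message ID structure described for ausearch -a, shown as an added example that is not part of the manual: the shell functions below parse the msg=audit(epoch:event_id) header of audit records and group them by event ID, which shows why one ID usually returns several records. The sample records, the event IDs 1001 and 1002, and the function names are constructed for illustration.

```shell
# Constructed sample records in audit.log format (not from a real system).
sample_audit_log() {
cat <<'EOF'
type=SYSCALL msg=audit(1249980844.512:1001): arch=c000003e syscall=2 success=yes exit=3 pid=4120 auid=500 comm="vi" exe="/usr/bin/vi"
type=CWD msg=audit(1249980844.512:1001): cwd="/root"
type=PATH msg=audit(1249980844.512:1001): item=0 name="/etc/audit/audit.conf" inode=41291 dev=08:01
type=USER_LOGIN msg=audit(1249983437.004:1002): pid=4388 uid=0 auid=0 msg='op=login acct="root" exe="/usr/sbin/sshd" res=success'
EOF
}

# records_for_event ID: print every record on stdin whose message ID ends in
# ":ID", i.e. the set of records that share one audit event ID.
records_for_event() {
    awk -v id="$1" '
        match($0, /msg=audit\([0-9]+\.[0-9]+:[0-9]+\)/) {
            # Strip the 10-character "msg=audit(" prefix and the closing ")".
            hdr = substr($0, RSTART + 10, RLENGTH - 11)   # epoch.ms:event_id
            split(hdr, part, ":")
            if (part[2] == id) print
        }'
}

# event_summary: one line per event ID, in order of first appearance:
#   event_id  epoch_timestamp  record_count  comma-separated record types
event_summary() {
    awk '
        match($0, /msg=audit\([0-9]+\.[0-9]+:[0-9]+\)/) {
            hdr = substr($0, RSTART + 10, RLENGTH - 11)
            split(hdr, part, ":")
            id = part[2]
            if (!(id in count)) order[++n] = id
            count[id]++
            stamp[id] = part[1]
            sub(/^type=/, "", $1)
            types[id] = (types[id] == "" ? $1 : types[id] "," $1)
        }
        END {
            for (i = 1; i <= n; i++) {
                id = order[i]
                print id, stamp[id], count[id], types[id]
            }
        }'
}
```

Running `sample_audit_log | event_summary` lists event 1001 with three records (SYSCALL, CWD, PATH) from a single system call and event 1002 with one USER_LOGIN record.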
Use the -ts and -te (for start time and end time) options with any of the above commands to limit your reports to a certain time frame. Use the -i option with any of these commands to transform numeric entities to human-readable text.
For example, the following command searches for all audit events related to the /etc/audit/audit.conf file that occurred within the last week: