PreviousNext

Displaying Audit Trail Files

Use the dcecp auditrail show command to examine the contents of an audit trail file. You can display the contents of either the central or local audit trail file.

For example, you can use the following command to see the contents of the audit trail file central_trail:

dcecp> audtrail show /opt/dcelocal/var/audit/adm/central_trail

--- Start of an event record --- Event Number: 275

Event Name: LOGIN_getinfo

Event Outcome: success

Server: /.../stp.gburg.ibm.com/hosts/dceos2

Client: /.../stp.gburg.ibm.com/hosts/drinkernisti/self

Number of groups: 0

Authorization Status: Authorized with a pac

Date and Time recorded: 1994-12-19-19:02:27.037-05:00I-----

1 Event (s) specific

- item number 1 hosts/drinkernisti/self

--- End of an event record ---

--- Start of an event record --- Event Number: 275

Event Name: LOGIN_getinfo

Event Outcome: success

Server: /.../stp.gburg.ibm.com/hosts/dceos2

Client: Unknown client and cell uuids

Number of groups: 0

Authorization Status: Authorized with a pac

Date and Time recorded: 1994-12-19-19:02:28.819-05:00I-----

1 Event (s) specific

- item number 1 dce-rgy

--- End of an event record ---

If you prefer to have the audit trail data put into a file instead of displayed on your screen, include the -to option in the audtrail show command line. This option prints the audit trail file's contents to a specified filename. Using this option is strongly recommended for large trail files.