System Administration Commands auditstat(1M)
NAME
auditstat - display kernel audit statistics
SYNOPSIS
auditstat [-c count] [-h numlines] [-i interval] [-n]
[-T u | d ] [-v]
DESCRIPTION
auditstat displays kernel audit statistics. The fields
displayed are as follows: aud The total number of audit records processed by the audit(2) system call. ctl This field is obsolete. drop The total number of audit records that have been dropped. Records are dropped according to the kernelaudit policy. See auditon(2), AUDIT_CNT policy for
details. enq The total number of audit records put on the kernel audit queue. gen The total number of audit records that have been constructed (not the number written). kern The total number of audit records produced by user processes (as a result of system calls). mem The total number of Kbytes of memory currently in use by the kernel audit module.nona The total number of non-attributable audit records
that have been constructed. These are audit records that are not attributable to any particular user. rblk The total number of times that the audit queue has blocked waiting to process audit data. tot The total number of Kbytes of audit data written to the audit trail.SunOS 5.11 Last change: 12 Apr 2010 1
System Administration Commands auditstat(1M)
wblk The total number of times that user processes blocked on the audit queue at the high water mark. wrtn The total number of audit records written. The difference between enq and wrtn is the number of outstanding audit records on the audit queue that have not been written. OPTIONS-c count Display the statistics a total of count
times. If count is equal to zero, statistics are displayed indefinitely. A time interval must be specified.-h numlines Display a header for every numlines of
statistics printed. The default is to display the header every 20 lines. If numlines is equal to zero, the header is never displayed.-i interval Display the statistics every interval where
interval is the number of seconds to sleep between each collection.-n Display the number of kernel audit events
currently configured.-T u | d Display a time stamp.
Specify u for a printed representation of the internal representation of time. See time(2). Specify d for standard date format. See date(1).-v Display the version number of the kernel
audit module software. EXIT STATUSauditstat returns 0 upon success and 1 upon failure.
ATTRIBUTES
See attributes(5) for descriptions of the following attri-
butes:SunOS 5.11 Last change: 12 Apr 2010 2
System Administration Commands auditstat(1M)
____________________________________________________________
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
|_____________________________|_____________________________|
| Availability | SUNWcs ||_____________________________|_____________________________|
SEE ALSO
auditconfig(1M), praudit(1M), audit(2), auditon(2), attri-
butes(5) NOTES The functionality described in this man page is available only if Solaris Auditing has been enabled.SunOS 5.11 Last change: 12 Apr 2010 3