To Dump and Generate a Report for an Audit File (deprecated)

Note: Audit Manager is deprecated and provided for backward compatibility only. We recommend that you use syslog events instead. See Enterprise Server Auditing for more information.

Syntax:

You use the Audit Manager Administration command line utility to do this.

mfauditadm -r [-date yyyy/mm/dd] [-time hh.mm[.ss[.nnn]]]
                -d [-o output-file-name] -f report-audit-file

Parameters:

-r
Generate a report.
-date yyyy/mm/dd
In the generated report file, include only events on the given date.
-time hh.mm[.ss[.nnn]]
In the generated report file, include only events from the given time.
-d
Mark the file as dumped.
-o output-file-name
Name of the report file to be created. If not specified, the report file name is derived from the report-audit-file name prefix, plus a .txt extension. For example, if report-audit-file filename is mfaudit.DOCTEST.aud_3, the report file created is mfaudit.DOCTEST.txt.

Example:

mfauditadm -r -d -o auditdata.txt -f mfaudit.DOCTEST.aud_5
Note: Once an audit file has been dumped, you cannot generate a report for it, nor can you dump it again until it has been reused by the audit consolidator process.