Fujitsu SPARC Enterprise M4000 User Manual page 337

<Example> Display all audit records.
XSCF> viewaudit
file,1,2006-04-26 21:37:25.626
+00:00,20060426213725.0000000000.SCF-4-0
header,20,1,audit - start,0.0.0.0,2006-04-26 21:37:25.660 +00:00
header,43,1,authenticate,0.0.0.0,2006-04-26 22:01:28.902 +00:00
authentication,failure,,unknown user,telnet 27652 0.0.197.33
header,37,1,login - telnet,0.0.0.0,2006-04-26 22:02:26.459 +00:00
subject,1,opl,normal,telnet 50466 10.18.108.4
header,78,1,command - setprivileges,0.0.0.0,2006-04-26
22:02:43.246 +00:00
subject,1,opl,normal,telnet 50466 10.18.108.4
command,setprivileges,opl,useradm
platform access,granted
return,0
In the example above, By default records are displayed in text format, one token
per line, with a comma as the field separator.
The following list displays the Token types and their data (in display order):
File Token
■
Label, version, time, filename
Header Token
■
Label, record byte count, version, event type, machine address, time (event
recorded)
Subject Token
■
Label, audit session ID, UID, mode of operation, terminal type, remote IP
address, remote port
Upriv Token
■
Label, success/failure
Udpriv Token
■
Label, success/failure, privilege name, domain1, ... , domainN
Command Token
■
Label, command name, argument1, ... , argumentN
Authentication Token
■
Label, authentication result, user name, message, terminal type, remote IP
address, remote port
Return Token
■
Label, return value
Appendix B XSCF Log Information B-11