2 .\" Copyright (c) 2008, Sun Microsystems, Inc. All Rights Reserved.
3 .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.
4 .\" See the License for the specific language governing permissions and limitations under the License. When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the
5 .\" fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
6 .TH AUDITSTAT 1M "Jun 16, 2009"
8 auditstat \- display kernel audit statistics
12 \fBauditstat\fR [\fB-c\fR \fIcount\fR] [\fB-h\fR \fInumlines\fR] [\fB-i\fR \fIinterval\fR] [\fB-n\fR]
13 [\fB-T\fR u | d ] [\fB-v\fR]
19 \fBauditstat\fR displays kernel audit statistics. The fields displayed are as
27 The total number of audit records processed by the \fBaudit\fR(2) system call.
36 This field is obsolete.
45 The total number of audit records that have been dropped. Records are dropped
46 according to the kernel audit policy. See \fBauditon\fR(2), \fBAUDIT_CNT\fR
56 The total number of audit records put on the kernel audit queue.
65 The total number of audit records that have been constructed (not the number
75 The total number of audit records produced by user processes (as a result of
85 The total number of Kbytes of memory currently in use by the kernel audit
95 The total number of non-attributable audit records that have been constructed.
96 These are audit records that are not attributable to any particular user.
105 The total number of times that the audit queue has blocked waiting to process
115 The total number of Kbytes of audit data written to the audit trail.
124 The total number of times that user processes blocked on the audit queue at the
134 The total number of audit records written. The difference between \fBenq\fR and
135 \fBwrtn\fR is the number of outstanding audit records on the audit queue that
136 have not been written.
143 \fB\fB-c\fR \fIcount\fR\fR
146 Display the statistics a total of \fIcount\fR times. If \fIcount\fR is equal to
147 zero, statistics are displayed indefinitely. A time interval must be specified.
153 \fB\fB-h\fR \fInumlines\fR\fR
156 Display a header for every \fInumlines\fR of statistics printed. The default is
157 to display the header every 20 lines. If \fInumlines\fR is equal to zero, the
158 header is never displayed.
164 \fB\fB-i\fR \fIinterval\fR\fR
167 Display the statistics every \fIinterval\fR where \fIinterval\fR is the number
168 of seconds to sleep between each collection.
177 Display the number of kernel audit events currently configured.
183 \fB\fB-T\fR \fBu\fR | \fBd\fR\fR
186 Display a time stamp.
188 Specify \fBu\fR for a printed representation of the internal representation of
189 time. See \fBtime\fR(2). Specify \fBd\fR for standard date format. See
199 Display the version number of the kernel audit module software.
205 \fBauditstat\fR returns \fB0\fR upon success and \fB1\fR upon failure.
209 \fBauditconfig\fR(1M), \fBpraudit\fR(1M), \fBbsmconv\fR(1M), \fBaudit\fR(2),
210 \fBauditon\fR(2), \fBattributes\fR(5)
214 The functionality described in this man page is available only if Solaris
215 Auditing has been enabled. See \fBbsmconv\fR(1M) for more information.