345
346 shmowner=user
347
348 Select records containing shared memory objects with user as
349 the owning or creating user.
350
351
352 sock=port_number|machine
353
354 Select records containing socket objects with the specified
355 port_number or the specified machine where machine is a machine
356 name as defined in hosts(4).
357
358
359 fmri=service instance
360
361 Select records containing fault management resource identifier
362 (FMRI) objects with the specified service instance. See smf(5).
363
364
365
366 -r real-user
367
368 Select records with the specified real-user.
369
370
371 -s session-id
372
373 Select audit records with the specified session-id.
374
375
376 -u audit-user
377
378 Select records with the specified audit-user.
379
380
381 -z zone-name
382
383 Select records from the specified zone name. The zone name
384 selection is case-sensitive.
385
605 Since auditreduce might be processing a large number of input files, it
606 is possible that the machine-wide limit on open files will be exceeded.
607 If this happens, auditreduce displays a message to that effect, give
608 information on how many file there are, and exit.
609
610
611 If auditreduce displays a record's timestamp in a diagnostic message,
612 that time is in local time. However, when filenames are displayed,
613 their timestamps are in GMT.
614
615 BUGS
616 Conjunction, disjunction, negation, and grouping of record selection
617 options should be allowed.
618
619 NOTES
620 The -z option should be used only if the audit policy zonename is set.
621 If there is no zonename token, then no records will be selected.
622
623
624
625 March 6, 2017 AUDITREDUCE(1M)
|
345
346 shmowner=user
347
348 Select records containing shared memory objects with user as
349 the owning or creating user.
350
351
352 sock=port_number|machine
353
354 Select records containing socket objects with the specified
355 port_number or the specified machine where machine is a machine
356 name as defined in hosts(4).
357
358
359 fmri=service instance
360
361 Select records containing fault management resource identifier
362 (FMRI) objects with the specified service instance. See smf(5).
363
364
365 wsid=Windows SID
366
367 Select records containing Windows SIDS matching the specified
368 SID.
369
370
371
372 -r real-user
373
374 Select records with the specified real-user.
375
376
377 -s session-id
378
379 Select audit records with the specified session-id.
380
381
382 -u audit-user
383
384 Select records with the specified audit-user.
385
386
387 -z zone-name
388
389 Select records from the specified zone name. The zone name
390 selection is case-sensitive.
391
611 Since auditreduce might be processing a large number of input files, it
612 is possible that the machine-wide limit on open files will be exceeded.
613 If this happens, auditreduce displays a message to that effect, give
614 information on how many file there are, and exit.
615
616
617 If auditreduce displays a record's timestamp in a diagnostic message,
618 that time is in local time. However, when filenames are displayed,
619 their timestamps are in GMT.
620
621 BUGS
622 Conjunction, disjunction, negation, and grouping of record selection
623 options should be allowed.
624
625 NOTES
626 The -z option should be used only if the audit policy zonename is set.
627 If there is no zonename token, then no records will be selected.
628
629
630
631 July 10, 2018 AUDITREDUCE(1M)
|