You use the Audit Facility Administration command line utility to do this.
mfauditadm -r [-date date] [-time time] -c -d [-o report-file-name] -f audit-file-name
| -f audit-file-name | An audit file in the collection to be dumped and for which a report is to be generated. |
| -c | Include each available file in the collection. |
| -r | Generate a report for each file available for dumping. |
| -d | Mark the files as dumped |
| -time time | Only include events with the given time in the report file.
The time should be specified with the format hh.mm[.ss[.nnn]]. NOT YET IMPLEMENTED |
| -date date | Only include events with the given date in the report file.
The date should be specified with the format yyyy/mm/dd. NOT YET IMPLEMENTED |
| -o report-file-name | Name of the report file to be created.
If this option is not specified, the report file will be derived from the audit-file-name, where the extension will be replaced by .txt. For example, if the audit-file-name was specified as mfaudit.DOCTEST.aud_3, the report file created would be named mfaudit.DOCTEST.txt |
mfauditadm -r -c -d -o auditdata.txt -f mfaudit.DOCTEST.aud_5
注意: To dump or generate a report for the active audit file, you must first make it available for dumping (see To make the active audit file available for dumping). Once an audit file has been dumped, you cannot generate a report for it, nor can you dump it again, until it has been reused by the audit consolidator process.
For more on dumping audit files, see Dumping Audit Files.
Related topics: