Date: Mon, 30 May 2005 16:49:20 GMT From: Tom Rhodes <trhodes@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 77722 for review Message-ID: <200505301649.j4UGnKqE024023@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=77722 Change 77722 by trhodes@trhodes_local on 2005/05/30 16:49:16 Kill hard sentence breaks and add some missing mark up to auditreduce.1. Use C99 keywords in auditreduce.c. Affected files ... .. //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.1#2 edit .. //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.c#3 edit Differences ... ==== //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.1#2 (text+ko) ==== @@ -29,7 +29,7 @@ .Os .Sh NAME .Nm auditreduce -.Nd select records from audit trail files +.Nd "select records from audit trail files" .Sh SYNOPSIS .Nm auditreduce .Op Fl A @@ -50,11 +50,15 @@ The .Nm utility selects records from the audit trail files based on the specified -criteria. Matching audit records are printed to the standard output in -their raw binary form. If no filename is specified, the standard input is used -by default. Use the +criteria. +Matching audit records are printed to the standard output in +their raw binary form. +If no filename is specified, the standard input is used +by default. +Use the .Nm praudit -utility to print the selected audit records in human-readable form. See +utility to print the selected audit records in human-readable form. +See .Xr praudit 1 for more information. .Pp @@ -68,12 +72,13 @@ Select records that occurred before the given datetime. .It Fl c Ar flags Select records matching the given audit classes specified as a comma -separated list of audit flags. See +separated list of audit flags. +See .Xr audit_control 5 for a description of audit flags. .It Fl d Ar YYYYMMDD -Select records that occurred on a given date. This option cannot be used -with +Select records that occurred on a given date. +This option cannot be used with .Fl a or .Fl b @@ -90,14 +95,19 @@ .It Fl j Ar id Select records having a subject token with matching ID. .It Fl m Ar event -Select records with the given event name or number. See +Select records with the given event name or number. +See .Xr audit_event 5 for a description of audit event names and numbers. .It Fl o Ar object=value .Bl -tag -width Ds .It Nm file -Select records containing the given path name. file="/usr" matches paths -starting with usr. file="~/usr" matches paths not starting with usr. +Select records containing the given path name. +file="/usr" matches paths +starting with +.Pa usr . +file="~/usr" matches paths not starting with +.Pa usr . .It Nm msgqid Select records containing the given message queue id. .It Nm pid @@ -116,7 +126,9 @@ .Nm -e root /var/audit/20031016184719.20031017122634 .Pp -To select all setlogin(2) events from that log: +To select all +.Xr setlogin 2 +events from that log: .Pp .Nm -m AUE_SETLOGIN /var/audit/20031016184719.20031017122634 ==== //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.c#3 (text+ko) ==== @@ -28,11 +28,7 @@ /* * Tool used to merge and select audit records from audit trail files - */ - -/* - * auditreaduce [options] [audit-trail-file...] - */ + */ /* * XXX Currently we do not support merging of records from multiple @@ -59,7 +55,7 @@ au_mask_t maskp; /* Used while selecting based on class */ time_t p_atime;/* select records created after this time */ time_t p_btime;/* select records created before this time */ -u_int16_t p_evtype; /* The event that we are searching for */ +uint16_t p_evtype; /* The event that we are searching for */ int p_auid; /* audit id */ int p_euid; /* effective user id */ int p_egid; /* effective group id */ @@ -76,7 +72,7 @@ char *p_sockobj = NULL; -u_int32_t opttochk = 0; +uint32_t opttochk = 0; static void usage(const char *msg) @@ -193,7 +189,7 @@ /* * Check if object's pid maches the given pid */ -static int select_pidobj(u_int32_t pid) +static int select_pidobj(uint32_t pid) { if(ISOPTSET(opttochk, OPT_op)) { if(pid != strtol(p_pidobj, (char **)NULL, 10)) { @@ -207,7 +203,7 @@ * Check if the given ipc object with the given type matches the * selection criteria */ -static int select_ipcobj(u_char type, u_int32_t id, u_int32_t *optchkd) +static int select_ipcobj(u_char type, uint32_t id, uint32_t *optchkd) { if(type == AT_IPC_MSG) { SETOPT((*optchkd), OPT_om); @@ -251,7 +247,7 @@ /* * Check if the file name matches selection criteria */ -static int select_filepath(char *path, u_int32_t *optchkd) +static int select_filepath(char *path, uint32_t *optchkd) { char *loc; @@ -286,7 +282,7 @@ * class, * event */ -static int select_hdr32(tokenstr_t tok, u_int32_t *optchkd) +static int select_hdr32(tokenstr_t tok, uint32_t *optchkd) { SETOPT((*optchkd), (OPT_A | OPT_a | OPT_b | OPT_c | OPT_m)); @@ -335,7 +331,7 @@ * ruid, * process id */ -static int select_proc32(tokenstr_t tok, u_int32_t *optchkd) +static int select_proc32(tokenstr_t tok, uint32_t *optchkd) { SETOPT((*optchkd), (OPT_u | OPT_e | OPT_f | OPT_g | OPT_r | OPT_op)); @@ -371,7 +367,7 @@ * ruid, * subject id */ -static int select_subj32(tokenstr_t tok, u_int32_t *optchkd) +static int select_subj32(tokenstr_t tok, uint32_t *optchkd) { SETOPT((*optchkd), (OPT_u | OPT_e | OPT_f | OPT_g | OPT_r | OPT_j)); @@ -407,7 +403,7 @@ int reclen; int bytesread; int selected; - u_int32_t optchkd; + uint32_t optchkd; int err = 0;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200505301649.j4UGnKqE024023>