Commands to send to ubaudit for the audit trail
ubaudit reads stdin for commands to add information to the audit trail.
The audit trail is in /var/log/ubaudit.
As each line is read the ubaudit looks at the first character for a command.
COMMANDS
| CODE | DESCRIPTION | Example |
| A | Audit Group | Alogin |
| C | Command that is being logged | Cubreport |
| D | Directory command is running in | D/data/test/application |
| F | File for audit trail. Default /var/log/ubaudit | F/var/log/application |
| G | Group of user. Default is login group, but web applications need to specify this. | Gwheel |
| N | Notification list. When this audit happens notices are sent to the notification list. If the first letter is ‘*’ then it is a group of users. | N*management |
| T | Terminal being used. Default is the login terminal. | T/dev/tty0 |
| U | User name. Default is login user name or REMOTE_USER | Ufred |
| X | Description of audit event | Xapplication starting |
EXAMPLE
echo "Xapplication starting" | ubaudit