Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
audit(1M)							     audit(1M)

       audit - control the behavior of the audit daemon

       audit -n	| -s | -t | -v	[path]

       The  audit command is the system	administrator's	interface to maintain-
       ing the audit trail. The	audit daemon can be notified to	read the  con-
       tents  of the audit_control(4) file and re-initialize the current audit
       directory to the	first directory	listed in the audit_control file or to
       open  a	new audit file in the current audit directory specified	in the
       audit_control file, as last read	by  the	 audit	daemon.	  Reading  au-
       dit_control  also  causes the minfree and plugin	configuration lines to
       be re-read and reset within auditd. The audit daemon can	also  be  sig-
       naled to	close the audit	trail and disable auditing.

       -n	Notify	the  audit  daemon to close the	current	audit file and
		open a new audit file in the current audit directory.

       -s	Notify the audit daemon	to read	the audit  control  file.  The
		audit  daemon  stores the information internally. If the audit
		daemon is not running but audit	has been enabled by  means  of
		bsmconv(1M), the audit daemon is started.

       -t	Direct the audit daemon	to close the current audit trail file,
		disable	auditing, and die. Use -s to restart auditing.

       -v path	Verify the syntax for the audit	control	file stored  in	 path.
		The audit command displays an approval message or outputs spe-
		cific error messages for each error found.

       The audit command will exit with	0 upon success and a positive  integer
       upon failure.



       See attributes(5) for descriptions of the following attributes:

       |      ATTRIBUTE	TYPE	     |	    ATTRIBUTE VALUE	   |
       |Availability		     |SUNWcsu			   |
       |Stability		     |Evolving			   |

       bsmconv(1M),  praudit(1M),  audit(2),  audit_control(4),	audit_user(4),

       The functionality described in this man page is available only  if  the
       Basic  Security Module (BSM) has	been enabled. See bsmconv(1M) for more

       The audit command does not modify a  process's  preselection  mask.  It
       functions are limited to	the following:

	 o  affects which audit	directories are	used for audit data storage;

	 o  specifies the minimum free space setting;

	 o  resets the parameters supplied by means of the plugin directive.

       For  the	 -s  option, audit validates the audit_control syntax and dis-
       plays an	error message if a syntax error	is found. If  a	 syntax	 error
       message	is displayed, the audit	daemon does not	re-read	audit_control.
       Because audit_control is	processed at boot time,	the -v option is  pro-
       vided  to allow syntax checking of an edited copy of audit_control. Us-
       ing -v, audit exits with	0 if the syntax	is correct; otherwise, it  re-
       turns a positive	integer.

       The  -v	option can be used in any zone,	but the	-t, -s,	and -n options
       are valid only in local zones and, then,	only if	the perzone audit pol-
       icy  is set. See	auditd(1M) and auditconfig(1M) for per-zone audit con-

				  25 May 2004			     audit(1M)


Want to link to this manual page? Use this URL:

home | help