AUDIT(1M) Maintenance Commands AUDIT(1M)


NAME


audit - control the behavior of the audit daemon

SYNOPSIS


audit -n | -s | -t | -v


DESCRIPTION


The audit command is the system administrator's interface to maintaining
the audit daemon auditd(1M). The audit daemon can be stopped, started, or
notified to reread the configuration, stored in smf(5) and managed using
the auditconfig(1M) command.

OPTIONS


-n
Notify the audit daemon to close the current audit file and
open a new audit file in the current audit directory.


-s
Validates the audit service configuration and, if correct,
notify the audit daemon to reread the audit configuration. If
the audit daemon is not running, the audit daemon is started.


-t
Direct the audit daemon to close the current audit trail file,
disable auditing, and die. Use -s to restart auditing.


-v
Validate the audit service configuration. At least one plugin
must be active; if that plugin is audit_binfile then its p_dir
attribute must contain at least one valid directory, and its
p_minfree attribute must be between 0 and 100.


DIAGNOSTICS


The audit command will exit with 0 upon success and a positive integer
upon failure.


ATTRIBUTES


See attributes(5) for descriptions of the following attributes:


+---------------+-----------------+
|ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+---------------+-----------------+
|Stability | Evolving |
+---------------+-----------------+

SEE ALSO


praudit(1M), auditconfig(1M), audit(2), smf(5), attributes(5)

NOTES


The -v option can be used in any zone, but the -t, -s, and -n options are
valid only in local zones and, then, only if the perzone audit policy is
set. See auditd(1M) and auditconfig(1M) for per-zone audit configuration.


March 6, 2017 AUDIT(1M)