AUDIT(8) Maintenance Commands and Procedures AUDIT(8)
NAME
audit - control the behavior of the audit daemon
SYNOPSIS
audit -n |
-s |
-t |
-vDESCRIPTION
The
audit command is the system administrator's interface to
maintaining the audit daemon
auditd(8). The audit daemon can be
stopped, started, or notified to reread the configuration, stored in
smf(7) and managed using the
auditconfig(8) command.
OPTIONS
-n Notify the audit daemon to close the current audit file
and open a new audit file in the current audit directory.
-s Validates the audit service configuration and, if correct,
notify the audit daemon to reread the audit configuration.
If the audit daemon is not running, the audit daemon is
started.
-t Direct the audit daemon to close the current audit trail
file, disable auditing, and die. Use
-s to restart
auditing.
-v Validate the audit service configuration. At least one
plugin must be active; if that plugin is
audit_binfile then its
p_dir attribute must contain at least one valid
directory, and its
p_minfree attribute must be between 0
and 100.
DIAGNOSTICS
The
audit command will exit with
0 upon success and a positive
integer upon failure.
ATTRIBUTES
See
attributes(7) for descriptions of the following attributes:
+---------------+-----------------+
|ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+---------------+-----------------+
|Stability | Evolving |
+---------------+-----------------+
SEE ALSO
audit(2),
attributes(7),
smf(7),
auditconfig(8),
praudit(8)NOTES
The
-v option can be used in any zone, but the
-t,
-s, and
-n options
are valid only in local zones and, then, only if the
perzone audit
policy is set. See
auditd(8) and
auditconfig(8) for per-zone audit
configuration.
March 6, 2017 AUDIT(8)
