NAME
audit − control the behavior of the audit daemon
SYNOPSIS
audit -n | -s | -t
DESCRIPTION
The audit command is the general administrator’s interface to maintaining the audit trail. The audit daemon may be notified to read the contents of the audit_control(4) file and re-initialize the current audit directory to the first directory listed in the audit_control file or to open a new audit file in the current audit directory specified in the audit_control file as last read by the audit daemon. The audit daemon may also be signaled to close the audit trail and disable auditing.
OPTIONS
|
-n |
Signal audit daemon to close the current audit file and open a new audit file in the current audit directory. | ||
|
-s |
Signal audit daemon to read audit control file. The audit daemon stores the information internally. | ||
|
-t |
Signal audit daemon to close the current audit trail file, disable auditing and die. |
DIAGNOSTICS
The audit command will exit with 0 upon success and a positive integer upon failure.
FILES
/etc/security/audit_user
/etc/security/audit_control
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
SEE ALSO
bsmconv(1M), praudit(1M), audit(2), audit_control(4), audit_user(4), attributes(5)
NOTES
The functionality described in this man page is available only if the Basic Security Module (BSM) has been enabled. See bsmconv(1M) for more information.
This command does not modify a process’s preselection mask. It only affects which audit directories are used for audit data storage and to specify the minimum size free.