NAME

audit - control the behavior of the audit daemon

SYNOPSIS

audit -n | -s | -t

AVAILABILITY

The functionality described in this man page is available only if the Basic Security Module (BSM) has been enabled. See bsmconv(1M) for more information.

DESCRIPTION

The audit command is the general administrator's interface to maintaining the audit trail. The audit daemon may be notified to read the contents of the audit_control(4) file and re-initialize the current audit directory to the first directory listed in the audit_control file or to open a new audit file in the current audit directory specified in the audit_control file as last read by the audit daemon. The audit daemon may also be signaled to close the audit trail and disable auditing.

OPTIONS

-n

Signal audit daemon to close the current audit file and open a new audit file in the current audit directory.

-s

Signal audit daemon to read audit control file. The audit daemon stores the information internally.

-t

Signal audit daemon to close the current audit trail file, disable auditing and die.

DIAGNOSTICS

The audit command will exit with 0 upon success and a positive integer upon failure.

FILES

/etc/security/audit_user

/etc/security/audit_control

SEE ALSO

bsmconv(1M), audit(2), audit_control(4), audit_user(4)

NOTES

This command does not modify a process's preselection mask. It only affects which audit directories are used for audit data storage and to specify the minimum size free.