NAME

audit - Control the behavior of the audit daemon

SYNOPSIS

audit -n | -s | -t

AVAILABILITY

SUNWcsu

DESCRIPTION

The audit(1MTSOL) command is the general administrator's interface to maintaining the audit trail. The administrator can request the audit daemon to read the contents of the audit_control(4TSOL) file and re-initialize the current audit directory to the first directory listed in the audit_control file; to open a new audit file in the current audit directory specified in the audit_control file as last read by the audit daemon; or to close the audit trail and disable auditing.

OPTIONS

-n

Signal the audit daemon to close the current audit file and open a new audit file in the current audit directory.

-s

Signal the audit daemon to read audit-control file. The audit daemon stores the information internally.

-t

Signal the audit daemon to close the current audit-trail file, disable auditing, and die.

RETURN VALUES

Upon success, the audit command returns 0 .Upon failure, the audit command returns a positive integer.

SUMMARY OF TRUSTED

By default, the audit module is enabled in the Trusted Solaris environment. By default, the machine halts when audit files run out of disk space. The Trusted Solaris environment adds programming interfaces, audit classes, and audit events.

SOLARIS CHANGES

This command should run at ADMIN_HIGH.

FILES

/etc/security/audit_user

/etc/security/audit_control

SEE ALSO

praudit(1MTSOL), audit(2TSOL), audit_control(4TSOL), audit_user(4TSOL)

NOTES

This functionality is active only if the audit module has been enabled. By default, auditing is enabled in the Trusted Solaris environment. See Trusted Solaris Audit Administration Manual for how to disable and enable auditing.

This command does not modify a preselection mask of a process. The command affects only the selection of audit directories for audit-data storage and the specification of the minimum size free.