The auditconfig command provides a command-line interface to get and set audit configuration information and audit policy. It can be used in the audit_startup(1M) script to set audit policies when the audit daemon is started. See the auditconfig(1M) man page and "Dynamic Procedures" for examples of the use of the auditconfig command.
Check the configuration of kernel audit event to class mappings and report any inconsistencies.
Reconfigure kernel event to class mappings at runtime to match the current mappings in the audit_event file.
Get the workstation's auditing condition. The possible responses are:
Auditing is enabled and turned on.
Auditing is enabled but turned off.
The audit module is not enabled.
Set the workstation's auditing condition: auditing or noaudit. To disable auditing, modify the audit script and the system(4) file and reboot. See "To Disable Auditing" for the procedure.
Get the preselection classes to which the specified event is mapped.
Set the preselection classes to which the specified event is mapped.
Display the currently configured (runtime) kernel and user audit event information.
Get the audit ID, preselection mask, terminal ID, and audit session ID of the specified process.
Set the kernel preselection mask for non-attribute events to the specified audit flags.
Set the kernel preselection mask for non-attribute events to the classes specified in the naflags field of the audit_control file.
Set the preselection mask of the specified process.
Set the preselection mask of all processes with the specified audit session ID.
Set the preselection mask of all processes with the specified user audit ID.
Display the list of audit policies with a short description of each one.
Get the current audit policy flags.
Set the audit policy flags to the specified policies. See "Setting Audit Policies".
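The following added example (not part of the original documentation) checks captured output of the "get auditing condition" and "get audit policy flags" operations against a required baseline, so a host with auditing turned off or a policy missing is flagged. Assumptions: the operations are invoked as `auditconfig -getcond` and `auditconfig -getpolicy`, their output has the form `label = value` with policies comma-separated, and the function names and sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example: evaluate auditconfig output against a baseline.
# Assumption: each command prints one "label = value" line,
# e.g. "audit condition = auditing" or "audit policies = cnt,argv".

# Print the value after "=" on the first line of the text in $1.
value_of() {
    printf '%s\n' "$1" | sed -n '1s/^[^=]*=[[:space:]]*//p'
}

# Print the required policies (space-separated, $1) that are absent
# from the comma-separated active policy list in $2.
missing_policies() {
    missing=""
    for want in $1; do
        case ",$2," in
            *",$want,"*) ;;
            *) missing="${missing:+$missing }$want" ;;
        esac
    done
    printf '%s\n' "$missing"
}

# Return 0 only when auditing is on and every required policy is set.
# $1 = -getcond output, $2 = -getpolicy output, $3 = required policies.
audit_baseline_ok() {
    cond=$(value_of "$1")
    active=$(value_of "$2" | tr -d ' ')
    [ "$cond" = "auditing" ] || { echo "FAIL: condition is '$cond'"; return 1; }
    gaps=$(missing_policies "$3" "$active")
    [ -z "$gaps" ] || { echo "FAIL: missing policies: $gaps"; return 1; }
    echo "OK: auditing on, required policies set: $3"
}

# Constructed sample output (not captured from a real system).
SAMPLE_COND="audit condition = auditing"
SAMPLE_POLICY="audit policies = cnt,argv"

audit_baseline_ok "$SAMPLE_COND" "$SAMPLE_POLICY" "argv" || true
# On a live host, pass the real output instead:
#   audit_baseline_ok "$(auditconfig -getcond)" "$(auditconfig -getpolicy)" "argv"
```

A `noaudit` or `disabled` response fails the first test before the policy list is examined, which matches the order in which an operator would triage the host.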