Trusted Solaris Administration Overview

audit and auditd

The audit(1M) command is an interface for controlling the current audit daemon. The audit daemon, auditd(1M), controls the generation and location of audit trail files, using information from the audit_control file. The auditd command starts the audit daemon (if auditing has been enabled). The audit command can halt the daemon, which stops the recording but not the collection of audit records; it also provides other options for controlling the daemon.

The audit command lets you