The audit command is the general administrator's interface to maintaining the audit trail. The audit daemon may be notified to read the contents of the audit_control(4) file and re-initialize the current audit directory to the first directory listed in the audit_control file, or to open a new audit file in the current audit directory specified in the audit_control file as last read by the audit daemon. The audit daemon may also be signaled to close the audit trail and disable auditing. The audit command must inherit the
Signal audit daemon to close the current audit file and open a new audit file in the current audit directory.
Signal audit daemon to read audit control file. The audit daemon stores the information internally.
Signal audit daemon to close the current audit trail file, disable auditing and die.
The audit command will exit with 0 upon success and a positive integer upon failure.
File containing user information for system audit daemon.
File containing information for system audit daemon.
See attributes(5) for descriptions of the following attributes:
|ATTRIBUTE TYPE||ATTRIBUTE VALUE|
This functionality is active only if auditing is enabled. By default, auditing is enabled in the Trusted Solaris environment. By default, the machine halts when audit files run out of disk space. The Trusted Solaris environment adds programming interfaces, audit classes, and audit events.
This command must be run at ADMIN_HIGH, and must inherit the
This command does not modify a process's preselection mask. It affects only which audit directories are used for audit data storage and the minimum free size specified for them.