- control the behavior of the audit daemon
audit -n | -s | -t | -v
The audit command is the system administrator's interface to start, stop, and refresh the audit service auditd(1M). Refreshing the audit service rereads the system and plugin configuration.
Notify the audit service audit_binfile plugin to close the current audit file and open a new audit file in the current audit directory.
Start (enable) the audit service if it is not running, or refresh the audit service, if it is currently running.
Terminate (disable) the audit service. The audit service will close out the active plugins, stop auditing and exit. Use -s to restart auditing.
Verify that at least one plugin is active. Verify the directory parameters of audit_binfile(5).
The audit command will exit with 0 upon success and a positive integer upon failure.
See attributes(5) for descriptions of the following attributes:
See the section on Solaris Auditing in 《Oracle Solaris 管理：安全服务》.
The audit command does not modify a process's preselection mask. Its functions are limited to performing control actions of the auditing subsystem. See auditconfig(1M) for configuration.
The -s option validates the audit plugin configuration. If it is not valid an error message is displayed and the audit service is not started or refreshed. The -v option may be used to validate the audit plugin configuration before using the -s option to start or refresh the audit service.
The -s option also checks state of the audit service. In case the audit service is found in the maintenance state (thus not able to be enabled or refreshed) the audit command returns with an appropriate message and exit code.
All options are valid in the global zone. Unless per-zone is enabled, only the -v option is valid in a local zone. See auditconfig(1M) for per-zone audit configuration.