Audit Service Man Pages
The following table summarizes the major administrative man pages for the audit service.

Command that controls the actions of the audit service:
audit -n starts a new audit file for the audit_binfile plugin.
audit -s enables and refreshes auditing.
audit -t disables auditing.
audit -v verifies that at least one plugin is active.

Default audit plugin, which sends audit records to a binary file. See also Audit Plugins.

Audit plugin that sends audit records to a remote receiver.

Audit plugin that sends text summaries of audit records to the syslog utility.

File that contains the definitions of audit classes. The eight high-order bits are available for customers to create new audit classes. For more information about the effect of modifying this file on system upgrade, see How to Add an Audit Class.

File that contains the definitions of audit events and maps the events to audit classes. The mapping can be modified. For more information about the effect of modifying this file on system upgrade, see How to Change an Audit Event's Class Membership.

Describes the syntax of audit class preselection, the prefixes for selecting only failed events or only successful events, and the prefixes that modify an existing preselection.

Describes the naming of binary audit files, the internal structure of a file, and the structure of every audit token.

Script that notifies an email alias when the audit service encounters an unusual condition while writing audit records. You can customize this script for your site to warn of conditions that might require manual intervention or can specify how to handle those conditions automatically.

Command that retrieves and sets audit configuration parameters. Issue the auditconfig command with no options to display a list of parameters that can be retrieved and set.

Command that post-selects and merges audit records that are stored in binary format. The command can merge audit records from one or more input audit files. The records remain in binary format. Uppercase options affect file selection. Lowercase options affect record selection.

Command that displays kernel audit statistics. For example, the command can display the number of dropped records and the number of audit records that user processes produced in the kernel as a result of system calls.

Command that reads audit records in binary format from standard input and displays the records in a presentable format. The input can be piped from the auditreduce command or from a single audit file or a list of audit files. Input can also be produced with the tail -0f command for a current audit file.