unixdev.net


Switch to SpeakEasy.net DSL

The Modular Manual Browser

Home Page
Manual: (HP-UX-11.11)
Page:
Section:
Apropos / Subsearch:
optional field



 auditd(1m)		  Open Software Foundation		  auditd(1m)




 NAME
      auditd - Starts the DCE Audit Daemon.

 SYNOPSIS
      auditd [-t trail_file] [-a] [-s size] [-wrap] [-w svc_route] [-d
      debug_level]


 OPTIONS
      -t	Specifies the pathname of the audit trail file used by the
		Audit daemon.  The default path of the audit trail file is
		dcelocal/var/aud/adm/central_trail.  If an audit trail file
		name (instead of an absolute pathname) is specified, the
		file will be created in the dcelocal/var/aud/adm/ directory.

      -a	Audits the Audit daemon's control interface access.

      -s size	Sets a warning threshold on the size of the audit trail
		file.  The Audit daemon displays a warning message each time
		an audit record is appended to the audit trail after the
		threshold has been reached.

      -wrap	Wraps the recording of audit events to the beginning of the
		audit trail file when its size limit is reached.  The
		default action when the size limit has been reached is to
		stop auditing.

      -w svc_route
		Specifies where each level of serviceability messages are
		routed.	 The svc_route argument is divided into three
		fields, separated by colons - the level, a routing
		identifier, and a routing parameter:

		severity:how:where

		See svcroute(5) for possible values for these fields.

      -d debug_level
		Specifies debugging level of sub-components. The debug_level
		argument contains four fields separated by a colon:

		component:flags:how:where

		See svcroute(5) for possible values of these fields.


 DESCRIPTION
      The auditd command starts the Audit daemon. The Audit daemon must be
      run on the host before the audit clients.





 Hewlett-Packard Company	    - 1 -	      OSF DCE 1.1/HP DCE 1.8






 auditd(1m)		  Open Software Foundation		  auditd(1m)




      The Audit daemon can only service audit clients that are on the host
      where it is running.  Thus, an Audit daemon must be installed and run
      on every host in the cell that has audit clients (audit clients
      include DCE servers and user-written application servers).

      The Audit daemon has two functions.  It maintains the filter files
      which are shared by all audit clients running on the host.  It also
      provides an audit record logging service to these clients.

      The Audit daemon runs under the local host's machine principal
      identity (host/hostname/self).

      A DCE Host daemon (dced) must be running on the local host when auditd
      is started.  Typically, dced and auditd are started at boot time. The
      auditd process places itself in the background and sends messages
      indicating it is ready to service requests for updating or querying
      filters and logging audit records.

    Privileges Required
      You must be logged into a privileged account (cell_admin or a member
      of the audit-admin group) to be able to run auditd.

 EXAMPLES
       1.  The following example starts the Audit daemon using the default
	   audit trail file (dcelocal/var/aud/adm/central_trail):

	   $ auditd



       2.  The following example starts the Audit daemon and specifies
	   my_trail_file as the audit trail file.

	   $auditd -t my_trail_file



       3.  The following example starts the Audit daemon and specifies where
	   each level of serviceability messages is going to be routed.

	   $ auditd -w FATAL:FILE:/dev/console -w NOTICE:FILE:/opt/dcelocal/var/audit/adm/svc_log



       4.  The following example starts the Audit daemon and  specifies the
	   debugging level.

	   $ auditd -d 1,esl.9






 Hewlett-Packard Company	    - 2 -	      OSF DCE 1.1/HP DCE 1.8






 auditd(1m)		  Open Software Foundation		  auditd(1m)




 RELATED INFORMATION
      aud(1m), audevents(1m), audfilter(1m), audtrail(1m), dcecp(1m).




















































 Hewlett-Packard Company	    - 3 -	      OSF DCE 1.1/HP DCE 1.8