AUDIT(8) System Manager's Manual AUDIT(8)
audit - audit trail maintenance
audit [ -n|-s|-t ]
audit -d username
audit -u username audit_event_state
This program is available with the Security software installation
option. Refer to for information on how to install optional software.
The audit command is the general administrator's interface to kernel
auditing. The process audit state for a user can be temporarily or
permanently altered. The audit daemon may be notified to read the con-
tents of the audit_control file and re-initialize the current audit
directory to the first directory listed in the audit_control file, or
to open a new audit file in the current audit directory specified in
the audit_control file as last read by the audit daemon. Auditing may
also be terminated/disabled.
-n Signal audit daemon to close the current audit file and open a
new audit file in the current audit directory.
-s Signal audit daemon to read audit control file. The audit dae-
mon stores the information internally.
-t Signal audit daemon to disable auditing and die.
Change the process audit state of all processes owned by user-
name. This new process audit state is constructed from the sys-
tem and user audit values as specified in the audit_control and
passwd.adjunct files respectively.
-u username audit_event_state
Set the process audit state from audit_event_state for all cur-
rent processes owned by username. See audit_control(5) for the
format of the system audit value. The process audit state is
one argument. Enclose the audit event state in quotes, or do
not use SPACE characters in the process audit state specifica-
tion. A new login session reconstructs the process audit state
from the audit flags in the audit_control and passwd.adjunct
audit(2), setuseraudit(2), getauditflags(3), getfauditflags(3),
26 January 1988 AUDIT(8)