projects / apple / system_cmds.git / blame
| Commit | Line | Data |
|---|---|---|
| 733af6d0 A |
1 | .\" Copyright (c) 2004, Apple Computer, Inc. All rights reserved. |
| 2 | .\" | |
| 3 | .Dd Jan 24, 2004 | |
| 4 | .Dt AUDITD 8 | |
| 5 | .Os "Mac OS X" | |
| 6 | .Sh NAME | |
| 7 | .Nm auditd | |
| 8 | .Nd audit log management daemon | |
| 9 | .Sh SYNOPSIS | |
| 10 | .Nm auditd | |
| 11 | .Op Fl dhs | |
| 12 | .Sh DESCRIPTION | |
| 13 | The | |
| 14 | .Nm | |
| 15 | daemon responds to requests from the audit(1) utility and notifications | |
| 16 | from the kernel. It manages the resulting audit log files and specified | |
| 17 | log file locations. | |
| 18 | .Pp | |
| 19 | The options are as follows: | |
| 20 | .Bl -tag -width Ds | |
| 21 | .It Fl d | |
| 22 | Starts the daemon in debug mode - it will not daemonize. | |
| 23 | .It Fl h | |
| 24 | Specifies that if auditing cannot be performed as specified, the system should | |
| 25 | halt (panic). Normally, the system will attempt to proceed - although individual | |
| 26 | processes may be stopped (see the -s option). | |
| 27 | .It Fl s | |
| 28 | Specifies that individual processes should stop rather than perform operations | |
| 29 | that may cause audit records to be lost due to log file full conditions | |
| 30 | .El | |
| 31 | .Sh NOTE | |
| 32 | .Pp | |
| 33 | To assure uninterrupted audit support, the | |
| 34 | .Nm auditd | |
| 35 | daemon should not be started and stopped manually. Instead, the audit(1) command | |
| 36 | should be used to inform the daemon to change state/configuration after altering | |
| 37 | the audit_control file. | |
| 38 | .Pp | |
| 39 | Sending a SIGHUP to a running | |
| 40 | .Nm auditd | |
| 41 | daemon will force it to exit. | |
| 42 | .Sh FILES | |
| 43 | .Bl -tag -width "/var/audit" -compact | |
| 44 | .It Pa /var/audit | |
| 45 | Default directory for storing audit log files. | |
| 46 | .El | |
| 47 | .Sh SEE ALSO | |
| 48 | .Xr audit 1 |