auditd.tproj/auditd.8

   1 .\" Copyright (c) 2004, Apple Computer, Inc.  All rights reserved.
   2 .\"
   3 .Dd Jan 24, 2004
   4 .Dt AUDITD 8
   5 .Os "Mac OS X"
   6 .Sh NAME
   7 .Nm auditd
   8 .Nd audit log management daemon
   9 .Sh SYNOPSIS
  10 .Nm auditd
  11 .Op Fl dhs
  12 .Sh DESCRIPTION
  13 The
  14 .Nm
  15 daemon responds to requests from the audit(1) utility and notifications
  16 from the kernel.  It manages the resulting audit log files and specified
  17 log file locations.
  18 .Pp
  19 The options are as follows:
  20 .Bl -tag -width Ds
  21 .It Fl d
  22 Starts the daemon in debug mode - it will not daemonize.
  23 .It Fl h
  24 Specifies that if auditing cannot be performed as specified, the system should
  25 halt (panic).  Normally, the system will attempt to proceed - although individual
  26 processes may be stopped (see the -s option).
  27 .It Fl s
  28 Specifies that individual processes should stop rather than perform operations
  29 that may cause audit records to be lost due to log file full conditions
  30 .El
  31 .Sh NOTE
  32 .Pp
  33 To assure uninterrupted audit support, the
  34 .Nm auditd
  35 daemon should not be started and stopped manually.  Instead, the audit(1) command
  36 should be used to inform the daemon to change state/configuration after altering
  37 the audit_control file.
  38 .Pp
  39 Sending a SIGHUP to a running
  40 .Nm auditd
  41 daemon will force it to exit.
  42 .Sh FILES
  43 .Bl -tag -width "/var/audit" -compact
  44 .It Pa /var/audit
  45 Default directory for storing audit log files.
  46 .El
  47 .Sh SEE ALSO
  48 .Xr audit 1