auditd.8   [plain text]


.\" Copyright (c) 2004, Apple Computer, Inc.  All rights reserved.
.\"
.Dd Jan 24, 2004
.Dt AUDITD 8
.Os "Mac OS X"
.Sh NAME
.Nm auditd
.Nd audit log management daemon
.Sh SYNOPSIS
.Nm auditd
.Op Fl dhs
.Sh DESCRIPTION
The
.Nm 
daemon responds to requests from the audit(1) utility and notifications
from the kernel.  It manages the resulting audit log files and specified
log file locations.
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl d
Starts the daemon in debug mode - it will not daemonize.
.It Fl h
Specifies that if auditing cannot be performed as specified, the system should
halt (panic).  Normally, the system will attempt to proceed - although individual
processes may be stopped (see the -s option).
.It Fl s
Specifies that individual processes should stop rather than perform operations
that may cause audit records to be lost due to log file full conditions
.El
.Sh NOTE
.Pp
To assure uninterrupted audit support, the
.Nm auditd
daemon should not be started and stopped manually.  Instead, the audit(1) command
should be used to inform the daemon to change state/configuration after altering
the audit_control file.
.Pp
Sending a SIGHUP to a running
.Nm auditd
daemon will force it to exit.
.Sh FILES
.Bl -tag -width "/var/audit" -compact
.It Pa /var/audit
Default directory for storing audit log files.
.El
.Sh SEE ALSO
.Xr audit 1