aud(1m)

NAME
aud - A dcecp object that manages the audit daemon on a DCE host

SYNOPSIS
aud disable [remote_audit_daemon_name]
aud enable [remote_audit_daemon_name]
aud help [operation | -verbose]
aud modify [remote_audit_daemon_name] {-change attribute_list |
-attribute value}
aud operations
aud rewind [remote_audit_daemon_name]
aud show [remote_audit_daemon_name] [-attributes]
aud stop [remote_audit_daemon_name]

ARGUMENTS
operation
    The name of the aud operation for which to display help information.
remote_audit_daemon_name
    By default, operations pertain to the local audit daemon. This
    argument specifies the name or the binding of the remote audit
    daemon to operate on. The name syntax is as follows:
        /.../cellname/hosts/hostname/auditd
    A remote audit daemon can also be specified with a string binding
    for the remote host on which the audit daemon is running. Use a
    string binding such as the following:
        ncacn_ip_tcp:130.105.1.227[endpoint]
    Alternatively, you can specify the binding by using Tcl syntax such
    as the following:
        {ncacn_ip_tcp 130.105.1.227 1234}

DESCRIPTION
The aud object represents the audit daemon (called auditd in the
reference implementation) on a host. The daemon creates audit trails on
a single host. Using this command, you can enable or disable a daemon,
change how the daemon acts when the file system storage for its audit
trail is full, and rewind an audit trail file.

This command operates on the audit daemon named in the optional
remote_audit_daemon_name argument. If the argument is not supplied,
the command operates on the audit daemon named by the _s(aud)
convenience variable. If the variable is not set, the command operates
on the audit daemon on the local host.

ATTRIBUTES
stostrategy
    The audit trail storage strategy of the daemon. This attribute
    defines what the daemon does if the audit trail storage is full.
    Its possible values are as follows:
    save
        If the specified trail size limit is reached (the default is
        2 MB), auditd saves the current trail file to a new file (this
        file has the same name as the original trail file, with the
        date and time appended). Then, auditd deletes the contents of
        the original trail file and continues auditing from the
        beginning of this file. This is the default value for
        stostrategy.
    wrap
        The daemon overwrites the old audit trails.
state
    Specifies whether the audit daemon is accepting audit log requests.
    The values are enabled or disabled. The default is enabled.

See the OSF DCE Administration Guide for more information about audit
attributes.

OPERATIONS
aud disable
Disables an audit daemon. The syntax is as follows:
    aud disable [remote_audit_daemon_name]
The disable operation disables the audit record logging service of an
audit daemon and changes its state attribute to disabled. This
operation returns an empty string on success.
Privileges Required
You must have c (control) permission on the audit daemon's ACL, and you
must be authenticated.
Examples
    dcecp> aud disable
    dcecp>

aud enable
Enables an audit daemon. The syntax is as follows:
    aud enable [remote_audit_daemon_name]
The enable operation enables the audit record logging service of an
audit daemon and changes its state attribute to enabled. This
operation returns an empty string on success.
Privileges Required
You must have c (control) permission on the audit daemon's ACL, and you
must be authenticated.
Examples
    dcecp> aud enable
    dcecp>

aud help
Returns help information about the aud object and its operations. The
syntax is as follows:
    aud help [operation | -verbose]
Options
-verbose
    Displays information about the aud object.
Used without an argument or option, the aud help command returns brief
information about each aud operation. The optional operation argument
is the name of an operation about which you want detailed information.
Alternatively, you can use the -verbose option for more detailed
information about the aud object itself.
Privileges Required
No special privileges are needed to use the aud help command.
Examples
    dcecp> aud help
    disable        Disables the audit daemon.
    enable         Enables the audit daemon.
    modify         Modifies the attributes of the audit daemon.
    rewind         Rewinds the specified audit trail file to the beginning.
    show           Returns the attributes of an audit daemon.
    stop           Stops the audit daemon.
    help           Prints a summary of command-line options.
    operations     Returns a list of the valid operations for this command.
    dcecp>

aud modify
Changes the values of audit attributes. The syntax is as follows:
    aud modify [remote_audit_daemon_name] {-change attribute_list | -attribute value}
Options
-attribute value
    As an alternative to using the -change option with an attribute
    list, you can specify individual attribute options by prepending a
    hyphen (-) to any attribute listed in the ATTRIBUTES section of
    this reference page.
-change attribute_list
    Allows you to specify attributes by using an attribute list rather
    than individual attribute options. The format of an attribute list
    is as follows:
        {{attribute value}...{attribute value}}
The modify operation allows modification of the audit daemon
attributes. It accepts the -change option, which takes an attribute
list as a value. This operation returns an empty string on success.
Privileges Required
You must have c (control) permission on the audit daemon's ACL, and you
must be authenticated.
Examples
    dcecp> aud modify -change {{stostrategy wrap} {state enabled}}
    dcecp> aud modify -stostrategy wrap -state enabled
    dcecp>

aud operations
Returns a list of the operations supported by the aud object. The
syntax is as follows:
    aud operations
The list of available operations is in alphabetical order except for
help and operations, which are listed last.
Privileges Required
No special privileges are needed to use the aud operations command.
Examples
    dcecp> aud operations
    disable enable modify rewind show stop help operations
    dcecp>

aud rewind
Rewinds the central audit trail file to the beginning. The syntax is
as follows:
    aud rewind [remote_audit_daemon_name]
The rewind operation by default operates on the central trail file.
This operation returns an empty string on success.
Privileges Required
You must have c (control) permission on the audit daemon's ACL, and you
must be authenticated.
Examples
    dcecp> aud rewind
    dcecp>

aud show
Returns the attribute list for the audit daemon. The syntax is as
follows:
    aud show [remote_audit_daemon_name] [-attributes]
Options
-attributes
    Returns audit daemon attributes.
The show operation returns the attribute list for the audit daemon.
The attributes are returned in lexical order. The -attributes option
is provided for consistency with other dcecp commands. It does not
change the performance of the command.
Privileges Required
You must have r (read) permission on the audit daemon, and you must be
authenticated.
Examples
    dcecp> aud show
    {stostrategy wrap}
    {state enabled}
    dcecp>

aud stop
Stops the audit daemon. The syntax is as follows:
    aud stop [remote_audit_daemon_name]
The stop operation stops the audit daemon process. This operation
returns an empty string on success.
Privileges Required
You must have c (control) permission on the audit daemon, and you must
be authenticated.
Examples
    dcecp> aud stop
    dcecp>
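
Added example (not part of the original reference page or of DCE itself): a dcecp script that reads each audit daemon's attributes with aud show and reports daemons whose state is not enabled or whose stostrategy is wrap, since wrap overwrites old audit trails. The daemon names are hypothetical placeholders, the procedure names aud_attr and aud_check are introduced here, and treating wrap as reportable is an assumed site policy.

```tcl
# Added example: run inside dcecp as an authenticated principal that has
# r (read) permission on each audit daemon. Uses only basic Tcl commands.

# Hypothetical daemon names, following the name syntax in ARGUMENTS.
set daemons {
    /.../example_cell/hosts/host1/auditd
    /.../example_cell/hosts/host2/auditd
}

# Return the value of one attribute from an {{attribute value}...} list,
# or an empty string when the attribute is not present.
proc aud_attr {attrs name} {
    foreach pair $attrs {
        if {[string compare [lindex $pair 0] $name] == 0} {
            return [lindex $pair 1]
        }
    }
    return ""
}

# Check one daemon and return a list of findings (empty when none).
proc aud_check {daemon} {
    set findings {}
    # aud show fails if the daemon is unreachable or read access is denied.
    if {[catch {aud show $daemon} attrs]} {
        return [list "cannot read attributes: $attrs"]
    }
    if {[string compare [aud_attr $attrs state] enabled] != 0} {
        lappend findings "state is not enabled, audit log requests are not accepted"
    }
    # Assumed site policy: report wrap, because old audit trails are overwritten.
    if {[string compare [aud_attr $attrs stostrategy] wrap] == 0} {
        lappend findings "stostrategy is wrap, old audit trails are overwritten"
    }
    return $findings
}

foreach d $daemons {
    set findings [aud_check $d]
    if {[llength $findings] == 0} {
        puts "$d: ok"
    } else {
        foreach f $findings { puts "$d: $f" }
    }
}
```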

RELATED INFORMATION
Commands: auditd(1m), dcecp(1m), dcecp_audevents(1m),
dcecp_audfilter(1m), dcecp_audtrail(1m).
Files: aud_audit_events(5), dts_audit_events(5), event_class(5),
sec_audit_events(5).