'\" te
.\" Copyright (c) 1993, 2012, Oracle and/or its affiliates. All rights reserved.
.TH audit 1M "3 May 2012" "SunOS 5.11" "System Administration Commands"
.SH NAME
audit \- control the behavior of the audit service
.SH SYNOPSIS
.LP
.nf
\fBaudit\fR \fB-n\fR | \fB-s\fR | \fB-t\fR | \fB-v\fR
.fi

.SH DESCRIPTION
.sp
.LP
The \fBaudit\fR command is the system administrator's interface to start, terminate, and refresh the audit service, \fBauditd\fR(1M). Refreshing the audit service rereads the service and plugin configuration.
.SH OPTIONS
.sp
.ne 2
.mk
.na
\fB\fB-n\fR\fR
.ad
.RS 6n
.rt  
Notify the audit service \fBaudit_binfile\fR(5) plugin to close the current audit file and open a new audit file in the current audit directory.
.sp
\fBaudit_remote\fR(5) is notified to close the current open connection which inherently means that the audit remote server will close the related audit file. \fBaudit_remote\fR(5) attempts to establish a new connection with the same host, thus open a new audit file.
.RE

.sp
.ne 2
.mk
.na
\fB\fB-s\fR\fR
.ad
.RS 6n
.rt  
Start (enable) the audit service if it is not running, or refresh the audit service, if it is currently running.
.RE

.sp
.ne 2
.mk
.na
\fB\fB-t\fR\fR
.ad
.RS 6n
.rt  
Terminate (disable) the audit service.  The audit service will close out the active plugins, stop auditing and exit. Use \fB-s\fR to restart auditing.
.RE

.sp
.ne 2
.mk
.na
\fB\fB-v\fR\fR
.ad
.RS 6n
.rt  
Verify that at least one plugin is active or audit remote server is enabled. Verify attributes of plugins and audit remote server \fBars\fR(5) configuration.
.RE

.SH DIAGNOSTICS
.sp
.LP
The \fBaudit\fR command will exit with \fB0\fR upon success and a positive integer upon failure.
.SH ATTRIBUTES
.sp
.LP
See \fBattributes\fR(5) for descriptions of the following attributes:
.sp

.sp
.TS
tab() box;
cw(2.75i) |cw(2.75i) 
lw(2.75i) |lw(2.75i) 
.
ATTRIBUTE TYPEATTRIBUTE VALUE
_
Availabilitysystem/core-os
_
Interface StabilityCommitted
.TE

.SH SEE ALSO
.sp
.LP
\fBauditconfig\fR(1M), \fBauditd\fR(1M), \fBars\fR(5), \fBattributes\fR(5), \fBaudit_binfile\fR(5)
.sp
.LP
See the section on Auditing in \fISecuring Systems and Attached Devices in Oracle Solaris 11.3\fR.
.SH NOTES
.sp
.LP
The \fBaudit\fR command does not modify a process's preselection mask. Its functions are limited to performing control actions of the auditing subsystem. See \fBauditconfig\fR(1M) for configuration.
.sp
.LP
The \fB-s\fR option validates the audit plugin configuration. If it is not valid an error message is displayed and the audit service is not started or refreshed. The \fB-v\fR option may be used to validate the audit plugin configuration before using the \fB-s\fR option to start or refresh the audit service.
.sp
.LP
The \fB-s\fR option also checks state of the audit service. In case the audit service is found in the maintenance state (thus not able to be enabled or refreshed) the \fBaudit\fR command returns with an appropriate message and exit code.
.sp
.LP
The \fBaudit\fR command is available to administrators who have the Audit Control Rights Profile.
.sp
.LP
All options are valid in the global zone. In a non-global zone, if perzone policy is disabled and the audit remote server is not enabled, only the \fB-v\fR option is valid. See \fBauditconfig\fR(1M) for per-zone audit configuration.