auditd(8) Mac OS X Manual Page

Mac Dev Center Mac OS X Reference Library General Mac OS X Man Pages

This manual page is for Mac OS X version 10.6.3

If you are running a different version of Mac OS X, view the documentation locally:

In Terminal, using the man(1) command

Reading manual pages

Manual pages are intended as a quick reference for people who already understand a technology.

For more information about the manual page format, see the manual page for manpages(5).
For more information about this technology, look for other documentation in the Apple Reference Library.
For general information about writing shell scripts, read Shell Scripting Primer.


AUDITD(8)                                BSD System Manager's Manual                               AUDITD(8)

NAME
     auditd -- audit log management daemon

SYNOPSIS
     auditd [-d | -l]

DESCRIPTION
     The auditd daemon responds to requests from the audit(8) utility and notifications from the kernel.  It
     manages the resulting audit log files and specified log file locations.

     The options are as follows:

     -d      Starts the daemon in debug mode -- it will not daemonize.

     -l      This option is for when auditd is configured to start on-demand using launchd(8).

     Optionally, the audit review group "audit" may be created.  Non-privileged users that are members of
     this group may read the audit trail log files.

NOTE
     To assure uninterrupted audit support, the auditd daemon should not be started and stopped manually.
     Instead, the audit(8) command should be used to inform the daemon to change state/configuration after
     altering the audit_control file.

     If auditd is started on-demand by launchd(8) then auditing should only be started and stopped with
     audit(8).

     On Mac OS X, auditd uses the asl(3) API for writing system log messages.  Therefore, only the audit
     administrator and members of the audit review group will be able to read the system log entries.

FILES
     /var/audit     Default directory for storing audit log files.

     /etc/security  The directory containing the auditing configuration files audit_class(5),
                    audit_control(5), audit_event(5), and audit_warn(5).

COMPATIBILITY
     The historical -h and -s flags are now configured using audit_control(5) policy flags ahlt and cnt, and
     are no longer available as arguments to auditd.

SEE ALSO
     asl(3), libauditd(3), audit(4), audit_class(5), audit_control(5), audit_event(5), audit_warn(5),
     audit(8), launchd(8)

HISTORY
     The OpenBSM implementation was created by McAfee Research, the security division of McAfee Inc., under
     contract to Apple Computer Inc. in 2004.  It was subsequently adopted by the TrustedBSD Project as the
     foundation for the OpenBSM distribution.

AUTHORS
     This software was created by McAfee Research, the security research division of McAfee, Inc., under
     contract to Apple Computer Inc.  Additional authors include Wayne Salamon, Robert Watson, and SPARTA
     Inc.

     The Basic Security Module (BSM) interface to audit records and audit event stream format were defined
     by Sun Microsystems.

BSD                                           December 11, 2008                                          BSD

Reporting Problems

The way to report a problem with this manual page depends on the type of problem:

Content errors: Report errors in the content of this documentation with the feedback links below.
Bug reports: Report bugs in the functionality of the described tool or API through Bug Reporter.
Formatting problems: Report formatting mistakes in the online version of these pages with the feedback links below.

Did this document help you?