auditcmd(ADM) 19 June 1992 auditcmd(ADM) Name auditcmd - command interface for audit subsystem activation, termination, statistic retrieval, and subsystem notification Syntax /tcb/bin/auditcmd [ -e ] [ -d ] [ -s ] [ -c ] [ -m ] [ -q ] Description The auditcmd utility is used to control the audit subsystem. This com- mand may only be executed by processes with the configaudit kernel authorization since the audit device is used. auditcmd allows the specification of the following options: -e Enable the audit subsystem for audit record generation. The ena- bling of the audit subsystem initializes subsystem parameters from the /tcb/files/audit/audit_parms file. This file is established using the sysadmsh(ADM) Audit selections. -s Inform the audit subsystem that a system shutdown is in progress. The subsystem will continue audit record generation to a temporary directory on the root file system. The audit daemon is also modi- fied so that it will survive the shutdown. The subsystem will con- tinue to generate audit records until disabled. -d Disable the audit subsystem. All audit record generation ceases and a termination record is written to the audit trail. This record results in the termination of the audit daemon. The subsys- tem properly synchronizes to ensure that the audit daemon has read all records from the audit trail before the system is allowed to terminate. -m Inform the audit subsystem that multi-user run state has been achieved and that alternate audit directories specified by the administrator using sysadmsh are now mounted and available. -c Retrieve audit subsystem statistics from the audit device. -q Perform the specified option silently. Do not report errors attri- butable to the audit subsystem not being enabled at the moment. See also audit(HW) ``Using the audit subsystem,'' chapter of the System Administrator's Guide. Diagnostics auditcmd returns 0 on success, 1 on command line argument error, and -1 on failure actions. Reasons for failure include parameter file incon- sistencies, lack of permission, and security database inconsistency. Value added auditcmd is an extension of AT&T System V provided by The Santa Cruz Operation, Inc.