Starting the Audit DaemonThe DCE Audit Service is not a distributed application. The audit daemon (auditd) does not need to run on all DCE hosts even if a client application is making use of the audit service. The audit daemon only needs to run on a host if the audit logs are to go to the central trail file or if filters are to be installed on the host. This is because the audit daemon controls access to the central trail file and also manages the audit filters. However, since the DTS daemon and the security server daemon are audit clients, you may want to consider running the audit daemon on all hosts in the cell. You must be root to be able to start the audit daemon. Use the following command to start the audit daemon: auditd This command uses flags that influence the behavior of the daemon. For more details on these flags, see the auditd(8sec) reference page.
|