1.\"- 2.\" Copyright (c) 2006 Robert N. M. Watson 3.\" All rights reserved. 4.\" 5.\" Redistribution and use in source and binary forms, with or without 6.\" modification, are permitted provided that the following conditions 7.\" are met: 8.\" 1. Redistributions of source code must retain the above copyright 9.\" notice, this list of conditions and the following disclaimer. 10.\" 2. Redistributions in binary form must reproduce the above copyright 11.\" notice, this list of conditions and the following disclaimer in the 12.\" documentation and/or other materials provided with the distribution. 13.\" 14.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 15.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 18.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24.\" SUCH DAMAGE. 25.\" 26.\" $P4: //depot/projects/trustedbsd/openbsm/bin/auditfilterd/auditfilterd.8#6 $ 27.\" 28.Dd October 3, 2006 29.Dt AUDITFILTERD 8 30.Os 31.Sh NAME 32.Nm auditfilterd 33.Nd audit filter daemon 34.Sh SYNOPSIS 35.Nm 36.Op Fl d 37.Op Fl c Ar conffile 38.Op Fl p Ar pipefile 39.Op Fl t Ar trailfile 40.Sh DESCRIPTION 41The 42.Nm 43daemon is an extensible audit event monitoring daemon, allowing pluggable 44modules to track audit events from a live audit source. 45It is configured using the audit_filter configuration file. 46The source can either be a pipe or a file. 47.Pp 48The options are as follows: 49.Bl -tag -width indent 50.It Fl c Ar conffile 51Specify an alternative configuration file. 52.It Fl d 53Starts the daemon in debug mode \[em] it will not daemonize. 54.It Fl p Ar pipefile 55Specify a pipe as an alternative source of audit event records. 56Default is 57.Pa /dev/auditpipe . 58.It Fl t Ar trailfile 59Specify a file as an alternative source of audit event records. 60.El 61.Sh FILES 62.Bl -tag -width ".Pa /etc/security/audit_filterd" -compact 63.It Pa /etc/security/audit_filterd 64Default configuration file for 65.Nm . 66.It Pa /dev/auditpipe 67Default audit record source for 68.Nm . 69.El 70.Sh SEE ALSO 71.Xr audit 8 , 72.Xr auditd 8 73.Sh HISTORY 74The OpenBSM implementation was created by McAfee Research, the security 75division of McAfee Inc., under contract to Apple Computer Inc.\& in 2004. 76It was subsequently adopted by the TrustedBSD Project as the foundation for 77the OpenBSM distribution. 78.Sh AUTHORS 79The 80.Nm 81daemon and audit filter APIs were created by 82.An Robert Watson . 83.Sh BUGS 84.Nm 85is experimental, and should not be relied on in production. 86APIs and services it offers can and will change in future OpenBSM releases. 87