1.\"-
2.\" Copyright (c) 2006 Robert N. M. Watson
3.\" All rights reserved.
4.\"
5.\" Redistribution and use in source and binary forms, with or without
6.\" modification, are permitted provided that the following conditions
7.\" are met:
8.\" 1. Redistributions of source code must retain the above copyright
9.\"    notice, this list of conditions and the following disclaimer.
10.\" 2. Redistributions in binary form must reproduce the above copyright
11.\"    notice, this list of conditions and the following disclaimer in the
12.\"    documentation and/or other materials provided with the distribution.
13.\"
14.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24.\" SUCH DAMAGE.
25.\"
26.\" $P4: //depot/projects/trustedbsd/openbsm/bin/auditfilterd/auditfilterd.8#6 $
27.\"
28.Dd October 3, 2006
29.Dt AUDITFILTERD 8
30.Os
31.Sh NAME
32.Nm auditfilterd
33.Nd audit filter daemon
34.Sh SYNOPSIS
35.Nm
36.Op Fl d
37.Op Fl c Ar conffile
38.Op Fl p Ar pipefile
39.Op Fl t Ar trailfile
40.Sh DESCRIPTION
41The
42.Nm
43daemon is an extensible audit event monitoring daemon, allowing pluggable
44modules to track audit events from a live audit source.
45It is configured using the audit_filter configuration file.
46The source can either be a pipe or a file.
47.Pp
48The options are as follows:
49.Bl -tag -width indent
50.It Fl c Ar conffile
51Specify an alternative configuration file.
52.It Fl d
53Starts the daemon in debug mode \[em] it will not daemonize.
54.It Fl p Ar pipefile
55Specify a pipe as an alternative source of audit event records.
56Default is
57.Pa /dev/auditpipe .
58.It Fl t Ar trailfile
59Specify a file as an alternative source of audit event records.
60.El
61.Sh FILES
62.Bl -tag -width ".Pa /etc/security/audit_filterd" -compact
63.It Pa /etc/security/audit_filterd
64Default configuration file for
65.Nm .
66.It Pa /dev/auditpipe
67Default audit record source for
68.Nm .
69.El
70.Sh SEE ALSO
71.Xr audit 8 ,
72.Xr auditd 8
73.Sh HISTORY
74The OpenBSM implementation was created by McAfee Research, the security
75division of McAfee Inc., under contract to Apple Computer Inc.\& in 2004.
76It was subsequently adopted by the TrustedBSD Project as the foundation for
77the OpenBSM distribution.
78.Sh AUTHORS
79The
80.Nm
81daemon and audit filter APIs were created by
82.An Robert Watson .
83.Sh BUGS
84.Nm
85is experimental, and should not be relied on in production.
86APIs and services it offers can and will change in future OpenBSM releases.
87