auditoff(1M)


auditoff -- disable auditing

Synopsis

auditoff

Description

The auditoff shell level command allows the administrator with the appropriate privileges to disable auditing. The privileges required are audit and setplevel.

The execution of auditoff while auditing is enabled results in a flush of the audit buffer(s) to the audit log file. Additionally, a record indicating auditing has been disabled is written to the audit log file via the auditdmp system call. If the Linux Kernel Personality (LKP) is installed, but disabled, executing an auditoff command enables LKP. When auditing is disabled the auditable events currently in progress will not have a record written to the audit log file since they did not complete while auditing was enabled.

When the auditoff command is invoked and returns success, the following message will be displayed:

   Auditing disabled

Diagnostics

On successful completion, the auditoff command exits with a value of zero (0). If there are errors, it exits with one of the following values and prints the corresponding error message:

1
usage: auditoff

Invalid command syntax.


3
system service not installed

The audit package is not installed.


4
Permission denied

Failure because of insufficient privilege.


12
auditctl() failed ASTATUS, errno = error

Failure occurred while retrieving the status of auditing.


17
auditctl() failed AUDITOFF, errno = error

Failure occurred while attempting to disable auditing.


24
argvtostr() failed

The following warning messages may be printed:
   Auditing already disabled

References

auditlog(1M), auditon(1M), auditrpt(1M), auditset(1M), crash(1M)
© 2004 The SCO Group, Inc. All rights reserved.
UnixWare 7 Release 7.1.4 - 25 April 2004