This is an archive of past FreeBSD releases; it's part of the FreeBSD Documentation Archive.

16.3. Installing Audit Support

16.3. Installing Audit Support

Support for Event Auditing is installed with the normal installworld process. An administrator may confirm this by viewing the contents of /etc/security. Files beginning with the word audit should be present. For example, audit_event.

In-kernel support for the framework must also exist. This may be done by adding the following lines to the local kernel configuration file:

options	AUDIT

Rebuild and reinstall the kernel via the normal process explained in Rozdział 8, Konfiguracja jądra FreeBSD.

Once completed, enable the audit daemon by adding the following line to rc.conf(5):


Functionality not provided by the default may be added here with the auditd_flags option.

All FreeBSD documents are available for download at

Questions that are not answered by the documentation may be sent to <>.
Send questions about this document to <>.