File Object Auditing

Mike Hemmes mhemmes at
Wed May 24 01:50:51 UTC 2017

        I'm new to the TrustedBSD Security Event Auditing system and was trying to figure out how I can configure auditing for a specific file or folder.  It seems as though audits are performed based on user.  I'm trying to configure auditing for file read/write access for a folder shared on a server, including all child file and folder objects. 

So let's say I want to audit any files read, written or deleted in the folder /volumes/share, where would I create that entry and it's classes?

Thanks for your time,

Mike Hemmes • Vice President
Mobile: (631) 983-3403
Office: (866) 493-3473 x101 • Fax:  (866) 493-0764
120 West Granada Ave, Lindenhurst, NY 11757
mhemmes at •

More information about the freebsd-questions mailing list