Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

Cheat Sheet - DirectAudit Commands on Unix & Linux Systems

11 April,19 at 11:50 AM

If you are looking to troubleshoot your DirectAudit installation, learn more concerning its features, or likely Technical Support is asking for more information, here is a list of common commands useful when interacting with DirectAudit

 

dainfo

What:    A display of some diagnostic information concerning the DirectAudit agent on the server.

Why:     You can use this command to see if the daemon is online and if you are connected to a Collector in your network.

 

dadiag

What:    A single command instead of using “dainfo -d” giving diagnostic output.

Why:     Whereas the dacheck command focuses on the OS level settings, this command will give greater information on the agent’s connection with the Collector, the Audit Store, and the Audit Store Database.

 

dacheck

(requires full path of /usr/share/centrifydc/bin/dacheck)

What:    A deeper diagnostics check which will include logging level, DirectControl status, and OS settings.

Why:     The output of this command is most beneficial when trying to troubleshoot OS setting compatibility with the DirectAudit agent.

 

dacontrol

What:    For use when implementing specific command line auditing.

Why:     General use of the audit feature will set to record all user activity on the target server. If you want to only monitor for certain commands you can assign those rules with dacontrol.

 

dareload

What:    A forced reload of configuration properties.

Why:     After editing configuration properties for local command auditing, Collector assignment, and other advanced monitoring techniques, you can run dareload to apply your changes without restarting the client.

 

dad

What:    Simple command to start the DirectAudit daemon.

Why:     Default configurations should have the daemon start automatically, but if personal preferences have altered that setting, or during troubleshooting, you can start the daemon manually.

 

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.