If you are looking to troubleshoot your DirectAudit installation, learn more concerning its features, or likely Technical Support is asking for more information, here is a list of common commands useful when interacting with DirectAudit
What: A display of some diagnostic information concerning the DirectAudit agent on the server.
Why: You can use this command to see if the daemon is online and if you are connected to a Collector in your network.
What: A single command instead of using “dainfo -d” giving diagnostic output.
Why: Whereas the dacheck command focuses on the OS level settings, this command will give greater information on the agent’s connection with the Collector, the Audit Store, and the Audit Store Database.
(requires full path of /usr/share/centrifydc/bin/dacheck)
What: A deeper diagnostics check which will include logging level, DirectControl status, and OS settings.
Why: The output of this command is most beneficial when trying to troubleshoot OS setting compatibility with the DirectAudit agent.
What: For use when implementing specific command line auditing.
Why: General use of the audit feature will set to record all user activity on the target server. If you want to only monitor for certain commands you can assign those rules with dacontrol.
What: A forced reload of configuration properties.
Why: After editing configuration properties for local command auditing, Collector assignment, and other advanced monitoring techniques, you can run dareload to apply your changes without restarting the client.
What: Simple command to start the DirectAudit daemon.
Why: Default configurations should have the daemon start automatically, but if personal preferences have altered that setting, or during troubleshooting, you can start the daemon manually.