From owner-freebsd-questions@freebsd.org  Wed May 24 01:50:51 2017
Return-Path: <owner-freebsd-questions@freebsd.org>
Delivered-To: freebsd-questions@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id C5503D78776
 for <freebsd-questions@mailman.ysv.freebsd.org>;
 Wed, 24 May 2017 01:50:51 +0000 (UTC)
 (envelope-from mhemmes@ffdyn.com)
Received: from granadax.ffdyn.com (granadax.ffdyn.com [96.224.249.227])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "*.ffdyn.com",
 Issuer "Starfield Secure Certificate Authority - G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id A03531D88
 for <freebsd-questions@FreeBSD.org>; Wed, 24 May 2017 01:50:51 +0000 (UTC)
 (envelope-from mhemmes@ffdyn.com)
Received: from localhost (localhost [127.0.0.1])
 by granadax.ffdyn.com (Postfix) with ESMTP id 03BA41EF55AA9
 for <freebsd-questions@FreeBSD.org>; Tue, 23 May 2017 21:44:29 -0400 (EDT)
X-Virus-Scanned: amavisd-new at ffdyn.com
Received: from granadax.ffdyn.com ([127.0.0.1])
 by localhost (granadax.ffdyn.com [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id qcD2fCq10Om0 for <freebsd-questions@freebsd.org>;
 Tue, 23 May 2017 21:44:28 -0400 (EDT)
Received: from [172.20.0.215] (unknown [172.20.0.215])
 by granadax.ffdyn.com (Postfix) with ESMTPSA id D81941EF55A8F
 for <freebsd-questions@FreeBSD.org>; Tue, 23 May 2017 21:44:27 -0400 (EDT)
From: Mike Hemmes <mhemmes@ffdyn.com>
Mime-Version: 1.0 (1.0)
Subject: File Object Auditing
Message-Id: <112D5DEC-22F5-43C9-B496-156E07BFD395@ffdyn.com>
Date: Tue, 23 May 2017 21:44:19 -0400
To: freebsd-questions@FreeBSD.org
X-Mailer: iPhone Mail (14F89)
Content-Type: text/plain;
	charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Content-Filtered-By: Mailman/MimeDel 2.1.23
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 24 May 2017 01:50:51 -0000

Hello,
        I'm new to the TrustedBSD Security Event Auditing system and was try=
ing to figure out how I can configure auditing for a specific file or folder=
.  It seems as though audits are performed based on user.  I'm trying to con=
figure auditing for file read/write access for a folder shared on a server, i=
ncluding all child file and folder objects.=20

So let's say I want to audit any files read, written or deleted in the folde=
r /volumes/share, where would I create that entry and it's classes?




Thanks for your time,


	 =09
Mike Hemmes =E2=80=A2 Vice President
=20
Mobile: (631) 983-3403
Office: (866) 493-3473 x101 =E2=80=A2 Fax:  (866) 493-0764
120 West Granada Ave, Lindenhurst, NY 11757
mhemmes@ffdyn.com =E2=80=A2 ffdyn.com
  =20