From: Dru Lavigne Date: Mon, 31 Mar 2014 14:14:58 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r44395 - head/en_US.ISO8859-1/books/handbook/audit X-SVN-Group: doc-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-all@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: "SVN commit messages for the entire doc trees \(except for " user" , " projects" , and " translations" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 31 Mar 2014 14:14:58 -0000 Author: dru Date: Mon Mar 31 14:14:58 2014 New Revision: 44395 URL: http://svnweb.freebsd.org/changeset/doc/44395 Log: Small corrections to audit chapter. Submitted by: Taras Korenko Sponsored by: iXsystems Modified: head/en_US.ISO8859-1/books/handbook/audit/chapter.xml Modified: head/en_US.ISO8859-1/books/handbook/audit/chapter.xml ============================================================================== --- head/en_US.ISO8859-1/books/handbook/audit/chapter.xml Mon Mar 31 13:57:12 2014 (r44394) +++ head/en_US.ISO8859-1/books/handbook/audit/chapter.xml Mon Mar 31 14:14:58 2014 (r44395) @@ -196,8 +196,10 @@ requirements. --> Audit Configuration User space support for event auditing is installed as part - of the base &os; operating system. Kernel support can be - enabled by adding the following line to + of the base &os; operating system. Kernel support is available + in the GENERIC kernel by default, + and &man.auditd.8; can be enabled + by adding the following line to /etc/rc.conf: auditd_enable="YES" 
@@ -217,10 +219,7 @@ requirements. --> Selection expressions are used in a number of places in the audit configuration to determine which events should be audited. Expressions contain a list of event classes to - match, each with a prefix indicating whether matching records - should be accepted or ignored, and optionally to indicate if - the entry is intended to match successful or failed - operations. Selection expressions are evaluated from left to + match. Selection expressions are evaluated from left to right, and two expressions are combined by appending one onto the other. @@ -383,10 +382,10 @@ requirements. --> These audit event classes may be customized by modifying - the audit_class and audit_ - event configuration files. + the audit_class and + audit_event configuration files. - Each audit event class is combined with a prefix + Each audit event class may be combined with a prefix indicating whether successful/failed operations are matched, and whether the entry is adding or removing matching for the class and type. summarizes @@ -650,8 +649,8 @@ trailer,133 Since audit logs may be very large, a subset of records can be selected using auditreduce. This example selects all audit records produced for the user - trhodes stored in - AUDITFILE: + trhodes stored in + AUDITFILE: &prompt.root; auditreduce -u trhodes /var/audit/AUDITFILE | praudit @@ -739,8 +738,8 @@ trailer,133 Automatic rotation of the audit trail file based on file size is possible using in - audit.control as described in . + audit_control as described in . As audit trail files can become very large, it is often desirable to compress or otherwise archive trails once they
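Review bot: in the @@ -196,8 +196,10 @@ hunk, the new sentence "Kernel support is available in the GENERIC kernel by default" leaves a reader who builds a custom kernel with no instruction at all. Suggest adding a sentence that names the kernel configuration option a non-GENERIC kernel must include, and making clear that auditd_enable="YES" in /etc/rc.conf enables the daemon only and does not add kernel support.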
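Review bot: in the @@ -217,10 +219,7 @@ hunk, removing the prefix description leaves "Selection expressions are evaluated from left to right" without the reason the order matters, because the accept/ignore and success/failure prefixes are now introduced only in the later paragraph ("Each audit event class may be combined with a prefix"). Suggest keeping a one-clause mention of prefixes here, or pointing to the place where they are defined, so the left-to-right rule is not read as cosmetic.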
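Review bot: in the @@ -383,10 +382,10 @@ hunk, "may be combined with a prefix" makes the prefix optional, but the paragraph does not say what a class written with no prefix matches. Suggest adding a sentence that states the default for an unprefixed class, so that someone writing a selection expression knows whether failed operations are audited when no prefix is given.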
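Review bot: in the @@ -739,8 +738,8 @@ hunk, the file name is corrected from audit.control to audit_control in this one sentence only. Worth checking the rest of chapter.xml for other uses of the dotted spelling, so the chapter names the configuration file consistently and readers are not sent looking for a file that does not exist.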