audit disable

The audit disable command disables an audit device at a given path, if one exists. This command is idempotent, meaning it succeeds even if no audit device is enabled at the path.

Once an audit device is disabled, no future audit logs are dispatched to it. The data associated with the audit device is unaffected. For example, if you disabled an audit device that was logging to a file, the file would still exist and have stored contents.

Warning: Once an audit device is disabled, you will no longer be able to HMAC values for comparison with entries in the audit logs. This is true even if you re-enable the audit device at the same path, as a new salt will be created for hashing.
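The salt behaviour described above can be modelled in a few lines. This is an added example, not OpenBao's own code: the `AuditDeviceModel` class, the simplified log entry layout, the sample tokens, and the assumption that values are hashed as salted HMAC-SHA256 with an `hmac-sha256:` prefix are all constructed for illustration.

```python
import hashlib
import hmac
import json
import secrets


class AuditDeviceModel:
    """Toy model of one audit device: a per-device salt plus an HMAC function."""

    def __init__(self, path):
        self.path = path
        # Assumption: a fresh random salt is created each time a device is enabled.
        self.salt = secrets.token_bytes(32)

    def audit_hash(self, value):
        # Assumed format: "hmac-sha256:" followed by the hex HMAC of the value.
        digest = hmac.new(self.salt, value.encode(), hashlib.sha256).hexdigest()
        return "hmac-sha256:" + digest

    def log_entry(self, client_token, request_path):
        # Constructed, simplified entry: the token is stored only as its HMAC.
        return json.dumps({
            "type": "request",
            "auth": {"client_token": self.audit_hash(client_token)},
            "request": {"path": request_path},
        })


def find_token_activity(log_lines, device, token):
    """Return request paths of entries whose hashed token matches `token`."""
    needle = device.audit_hash(token)
    hits = []
    for line in log_lines:
        entry = json.loads(line)
        if hmac.compare_digest(entry["auth"]["client_token"], needle):
            hits.append(entry["request"]["path"])
    return hits


def demo():
    token = "s.constructed-sample-token"
    original = AuditDeviceModel("file/")
    log = [original.log_entry(token, "secret/data/app"),
           original.log_entry("s.other-constructed-token", "sys/health"),
           original.log_entry(token, "sys/audit")]
    before = find_token_activity(log, original, token)
    # Disable, then re-enable at the same path: same path, new salt.
    reenabled = AuditDeviceModel("file/")
    after = find_token_activity(log, reenabled, token)
    return before, after
```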

Examples

Disable the audit device enabled at "file/":

$ bao audit disable file/
Success! Disabled audit device (if it was enabled) at: file/

Usage

There are no flags beyond the standard set of flags included on all commands.