How SACL-based audit rules record access decisions, including conditional, continuous, and privilege-use auditing.
Managing audit ACEs, enabling continuous auditing, and querying audit events with the sd and eventctl tools.