From fa88b858da3a412c0111185fc0576fc9ad3c4be3 Mon Sep 17 00:00:00 2001
From: netblue30 <netblue30@yahoo.com>
Date: Thu, 3 Dec 2015 11:57:07 -0500
Subject: --tracelog

---
 src/man/firejail.txt | 23 ++++++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)

(limited to 'src/man')

diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index 28f75d023..62225c407 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -1297,7 +1297,28 @@ Child process initialized
 parent is shutting down, bye...
 .TP
 \fB\-\-tracelog
-Add a log message in syslog for every access to blacklisted files or directories.
+This option enables auditing blacklisted files and directories. A message
+is sent to syslog in case the file or the directory is accessed. 
+.br
+
+.br
+Example:
+.br
+$ firejail --tracelog firefox
+.br
+
+.br
+Sample messages:
+.br
+$ sudo tail -f /var/log/syslog
+.br
+[...]
+.br
+Dec  3 11:43:25 debian firejail[70]: blacklist violation - sandbox 26370, exe firefox, syscall open64, path /etc/shadow
+.br
+Dec  3 11:46:17 debian firejail[70]: blacklist violation - sandbox 26370, exe firefox, syscall opendir, path /boot
+.br
+[...]
 .TP
 \fB\-\-tree
 Print a tree of all sandboxed processes, see MONITORING section for more details.
-- 
cgit v1.2.3-70-g09d2