This configuration parameter specifies one or more session binary files to audit. This parameter was previously required to support command-level auditing on managed computers. The parameter is no longer required and can be removed if you upgrade the agent to the latest version.

Instead of setting this parameter, you must run the following command to enable auditing for specific command-line programs:

dacontrol --enable --command cmd_path

If you do not update the agent, you can use this parameter to specify commands to be audited by appending .daudit to the file name. For example, to audit secure shell (ssh) sessions:

dash.force.audit: /usr/share/centrifydc/bin/ssh.daudit

However, you still must run the dacontrol command to enable auditing for specific commands.

You can separate entries by typing a space or a comma. You can escape spaces or commas in file names using the backslash character (\). This parameter is not included in the configuration file by default.