The most common use case for audit is checking whether a given file has changed. Puppet designed the audit system around a particular customer's needs, and indications are that those needs centered largely on auditing files. For this reason, both support and documentation are strongest for auditing the file type.
To use audit on a file, we add the audit meta-parameter to its declaration. For example:
    file { '/etc/shells':
      audit => 'all',
    }
This tells Puppet that it should audit every attribute on the file /etc/shells. If anything on this file changes, it will log messages in the local log file as well as generate report events indicating the changes.
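As an added example (not from the original text and not Puppet's own code), the Ruby sketch below extracts those audit messages from agent log output so that changes to an audited file can be reviewed or forwarded to alerting. It assumes the Puppet 3.x message wording "audit change: previously recorded value ... has been changed to ..."; the sample log lines are constructed, and `audit_changes` and `changes_by_resource` are hypothetical helper names.

```ruby
# Added example: pull Puppet audit-change events out of agent log output.
# ASSUMPTION: Puppet 3.x message wording; confirm against your own agent logs.
AUDIT_CHANGE = %r{
  (?<type>[A-Z]\w*)\[(?<title>[^\]]+)\]/(?<attribute>\w+)
  [):]+\s*audit\ change:\ previously\ recorded\ value\s
  (?<old>.+?)\shas\ been\ changed\ to\s(?<new>.+)\z
}x

# Constructed sample lines (not captured from a real host).
SAMPLE_LOG = <<~LOG
  Notice: /Stage[main]/Main/File[/etc/shells]/content: audit change: previously recorded value {md5}1111 has been changed to {md5}2222
  Notice: /Stage[main]/Main/File[/etc/shells]/mode: audit change: previously recorded value 644 has been changed to 666
  Notice: Finished catalog run in 0.42 seconds
  Notice: /Stage[main]/Main/File[/etc/shells]/mtime: audit change: previously recorded value 2014-06-01 10:00:00 UTC has been changed to 2014-06-02 09:30:00 UTC
LOG

# Return one hash per audit-change line; lines that are not audit
# messages (such as the "Finished catalog run" notice) are skipped.
def audit_changes(log_text)
  log_text.each_line.map do |line|
    m = AUDIT_CHANGE.match(line.strip)
    next unless m
    { resource: "#{m[:type]}[#{m[:title]}]", attribute: m[:attribute],
      old: m[:old], new: m[:new] }
  end.compact
end

# Group the changed attribute names by resource, e.g. for one alert per file.
def changes_by_resource(log_text)
  audit_changes(log_text).each_with_object(Hash.new { |h, k| h[k] = [] }) do |e, acc|
    acc[e[:resource]] << e[:attribute]
  end
end

if __FILE__ == $PROGRAM_NAME
  audit_changes(SAMPLE_LOG).each do |e|
    puts "#{e[:resource]} #{e[:attribute]}: #{e[:old]} -> #{e[:new]}"
  end
end
```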
On paper, any attribute can be audited. However, auditing some attributes does not make sense. The Puppet language reference as of version 3.6 lists many available attributes for the file type. A current list can be found at https://docs.puppetlabs.com/references/latest...