Distributed Security Auditing System Based on BAS
Abstract: A broadband access server (BAS) was used as a distributed auditing agent to implement an active distributed security auditing system on a metropolitan area network (DSASMAN). A new packet filter mechanism based on a hardware packet filter (HPF) was proposed to suit the system's needs. The routing and forwarding mechanism in the BAS was modified from "route once, switch many" to "audit once, pass many". An algorithm based on a time inductive machine was used to audit UDP-based accesses. The proposed auditing system was implemented in an experimental routing switch used as a BAS, was tested in an experimental network, and showed good auditing performance.
Key words:
- metropolitan area network
- security auditing
- hardware packet filter
- routing switch