-
Setting the path name of the primary log file:
defadm audit AUDIT_DEFPATH=/absolute/pathname
or
auditlog -P /absolute/pathname
-
Setting the node name of the primary log file:
defadm audit AUDIT_NODE=string
or
auditlog -p string
-
Setting the action to be taken when the log file is full:
defadm audit AUDIT_LOGFULL=[SHUTDOWN|DISABLE|SWITCH]
or
auditlog [-s | -d | [-A /absolute/pathname [-a string]]]
-
Specifying an alternate log file:
defadm audit AUDIT_LOGFULL=SWITCH
defadm audit AUDIT_DEFPATH=/absolute/pathname
or
auditlog -A /absolute/pathname
-
Setting the node name of the alternate log file:
defadm audit AUDIT_LOGFULL=SWITCH
defadm audit AUDIT_NODE=string
or
auditlog -a string
-
Specifying a program to run when there is a log switch:
defadm audit AUDIT_LOGFULL=SWITCH
defadm audit AUDIT_PGM=/absolute/pathname
or
auditlog -n /absolute/pathname_to_program
-
Specifying the maximum size of the log file:
auditlog -x size
-
Specifying the value of the high water mark:
auditlog -v value
-
Setting the action to be taken if there is an auditing subsystem error:
defadm audit AUDIT_LOGERR=[SHUTDOWN|DISABLE]
-
Displaying log file characteristics:
auditlog
-
Setting system-wide audit criteria:
auditset -s [operator]event,. . .
-
Setting audit criteria dynamically for all active users:
auditset -a -e [operator]event,. . .
-
Setting audit criteria dynamically for specific active users:
auditset -u user,. . . -e [operator]event,. . .
-
Setting audit criteria when adding a user to the system:
useradd . . . -a event,. . . user
-
Setting audit criteria permanently for specific users:
usermod . . . -a [operator]event,. . . user
-
Displaying system-wide and user audit criteria:
auditset
-
Displaying system-wide audit criteria:
auditset -d
-
Displaying audit criteria for all users:
auditset -d -a
-
Displaying audit criteria for specific users:
auditset -d -u user,. . .
-
Starting auditing:
auditon
-
Stopping auditing:
auditoff
-
File for starting/stopping auditing when the system changes states:
/etc/init.d/audit