Configuring the /etc/default/audit file

The attributes of the audit event log file and certain audit actions are controlled by the parameters in the /etc/default/audit file and through the user-level command auditlog(1M). You can use the System Defaults Manager or the defadm(1M) command to assign values to the parameters in the /etc/default/audit file. ``The /etc/default/audit file'' describes in detail how to use the /etc/default/audit file. The parameters in the /etc/default/audit file are intended to be used as default settings. Each time auditing is enabled these values are read, validated and used to establish the log file and certain audit actions. The auditlog command provides you with the ability to override these values. Additionally, the auditlog command offers the administrator the ability to display current settings and to define the maximum size of a log file, the high water mark, and a location and node name of an alternate log file which differs from the primary log file. See auditlog(1M) for more information.