Tribblix: manual page: audit

AUDIT_BINFILE(7) Standards, Environments, and Macros AUDIT_BINFILE(7)

NAME

audit_binfile - generation of audit logs

SYNOPSIS

/usr/lib/security/audit_binfile.so

DESCRIPTION

The audit_binfile plugin module for audit,
/usr/lib/security/audit_binfile.so, writes binary audit data to files
as specified in the plugin's attributes configured by auditconfig(8);
it is the default plugin for the audit daemon auditd(8). Its output
is described by audit.log(5).

OBJECT ATTRIBUTES

The p_dir attribute specifies a comma-separated list of directories
to be used for storing audit files.

The p_minfree attribute specifies the percentage of free space
required. If free space falls below this threshold, the audit daemon
auditd(8) invokes the shell script audit_warn(8). The default
threshold is 0%.

The p_fsize attribute defines the maximum size in bytes that an audit
file can become before it is automatically closed and a new audit
file opened. This is equivalent to an administrator issuing an audit
-n command when the audit file contains the specified number of
bytes. The default size is zero (0), which allows the file to grow
without bound. The value specified must be within the range of
[512,000, 2,147,483,647].

EXAMPLES

The following commands cause audit_binfile.so to be activated,
specify the directories for writing audit logs, and specify the
percentage of required free space per directory. Note that using
auditconfig(8) only allows one attribute to be set at a time.

# auditconfig -setplugin audit_binfile active p_minfree=20
# auditconfig -setplugin audit_binfile active \
p_dir=/var/audit/jedgar/eggplant,\
/var/audit/jedgar.aux/eggplant,\
/var/audit/global/eggplant