AUDIT_BINFILE(7) Standards, Environments, and Macros AUDIT_BINFILE(7)

audit_binfile - generation of audit logs

/usr/lib/security/audit_binfile.so

The audit_binfile plugin module for audit, /usr/lib/security/audit_binfile.so, writes binary audit data to files as specified in the plugin's attributes configured by auditconfig(8); it is the default plugin for the audit daemon auditd(8). Its output is described by audit.log(5).

The p_dir attribute specifies a comma-separated list of directories to be used for storing audit files.

The p_minfree attribute specifies the percentage of free space required. If free space falls below this threshold, the audit daemon auditd(8) invokes the shell script audit_warn(8). The default threshold is 0%.

The p_fsize attribute defines the maximum size in bytes that an audit file can become before it is automatically closed and a new audit file opened. This is equivalent to an administrator issuing an audit -n command when the audit file contains the specified number of bytes. The default size is zero (0), which allows the file to grow without bound. The value specified must be within the range of [512,000, 2,147,483,647].

The following commands cause audit_binfile.so to be activated, specify the directories for writing audit logs, and specify the percentage of required free space per directory. Note that using auditconfig(8) only allows one attribute to be set at a time.


# auditconfig -setplugin audit_binfile active p_minfree=20
# auditconfig -setplugin audit_binfile active \
p_dir=/var/audit/jedgar/eggplant,\
/var/audit/jedgar.aux/eggplant,\
/var/audit/global/eggplant

See attributes(7) for a description of the following attributes:

ATTRIBUTE TYPE ATTRIBUTE VALUE
MT Level MT-Safe
Interface Stability Committed

audit.log(5), attributes(7), auditconfig(8), auditd(8)

March 6, 2017 OmniOS