As role secadmin, at label admin_low
, enter system-wide audit flags in the audit_control(4) file.
Enter the na class in the naflags: line if your site is auditing non-attributable events.
dir:/etc/security/audit/egret/files dir:/etc/security/audit/egret.1/files dir:/etc/security/audit/grebe/files flags: minfree:20 naflags:na
Enter other classes in the flags: line if your workstation is auditing user-level events.
dir:/etc/security/audit/egret/files dir:/etc/security/audit/egret.1/files dir:/etc/security/audit/grebe/files flags:lo,ad,-all,^-fc minfree:20 naflags:na
See "Sample audit_control File" for an explanation of the syntax of the audit flags' fields.
Write the file and exit the editor.
On a distributed system, the audit flags in the audit_control file must be identical on every workstation on the network. See "To Distribute Audit Configuration Files to a Network of Workstations" for a process to distribute master copies of files to all workstations on the network.