Trusted Solaris Audit Administration

To Set Audit Flags

  1. As role secadmin, at label admin_low, enter system-wide audit flags in the audit_control(4) file.

    1. Open the System_Admin folder from the Application Manager.

    2. Double-click the Audit Control action.

  2. Enter the na class in the naflags: line if your site is auditing non-attributable events.

    dir:/etc/security/audit/egret/files
    dir:/etc/security/audit/egret.1/files
    dir:/etc/security/audit/grebe/files
    flags:
    minfree:20
    naflags:na
    
  3. Enter other classes in the flags: line if your workstation is auditing user-level events.

    dir:/etc/security/audit/egret/files
    dir:/etc/security/audit/egret.1/files
    dir:/etc/security/audit/grebe/files
    flags:lo,ad,-all,^-fc
    minfree:20
    naflags:na

    See "Sample audit_control File" for an explanation of the syntax of the audit flags' fields.

  4. Write the file and exit the editor.


    Note - On a distributed system, the audit flags in the audit_control file must be identical on every workstation on the network. See "To Distribute Audit Configuration Files to a Network of Workstations" for a process to distribute master copies of files to all workstations on the network.
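
    The following is an added example, not part of the original procedure or of Trusted Solaris: it resolves a flags: line such as the one in step 3 into a per-class, per-outcome answer, and reports workstations whose flags: or naflags: entries differ from a reference copy, as the note above requires. It assumes the standard audit_control(4) prefix semantics (no prefix = success and failure, + = success only, - = failure only, ^ = turn off, applied left to right); the host names and file contents are constructed samples.

```python
# Constructed audit_control copies; "egret" and "grebe" are assumed host names.
COPIES = {
    "egret": "dir:/etc/security/audit/egret/files\n"
             "flags:lo,ad,-all,^-fc\nminfree:20\nnaflags:na\n",
    "grebe": "dir:/etc/security/audit/grebe/files\n"
             "flags:lo,ad,-all\nminfree:20\nnaflags:na\n",
}

def parse_flags(text):
    """Return the flags: and naflags: entries as ordered lists of tokens."""
    found = {"flags": [], "naflags": []}
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        if sep and key in found:
            found[key] = [t.strip() for t in value.split(",") if t.strip()]
    return found

def is_audited(flags, cls, outcome):
    """Apply flags left to right; outcome is 'success' or 'failure'."""
    audited = False
    for flag in flags:
        turn_off = flag.startswith("^")          # ^ removes a previous selection
        body = flag[1:] if turn_off else flag
        scope = {"+": "success", "-": "failure"}.get(body[:1])
        name = body[1:] if scope else body       # no +/- means both outcomes
        if name in (cls, "all") and scope in (None, outcome):
            audited = not turn_off
    return audited

def drifted_hosts(copies, reference):
    """Hosts whose flags/naflags differ from the reference host's copy."""
    want = parse_flags(copies[reference])
    return sorted(h for h, text in copies.items() if parse_flags(text) != want)

if __name__ == "__main__":
    flags = parse_flags(COPIES["egret"])["flags"]
    for cls in ("lo", "fc", "fw"):
        print(cls, {o: is_audited(flags, cls, o) for o in ("success", "failure")})
    print("differs from egret:", drifted_hosts(COPIES, "egret"))
```

    Token order is compared as written because the flags are applied left to right, so a reordered flags: line is reported as a difference.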