Trusted Solaris Audit Administration

To Add Audit Classes

  1. As role secadmin, at label admin_low, add audit classes in the audit_class file.

    1. Open the System_Admin folder from the Application Manager.

    2. Double-click the Audit Classes action.

  2. Add the classes you planned in Planning a Site-Specific Event-to-Class Mapping, write the file, and exit the editor.


    Caution –

    Do not reassign the hexadecimal numbers already in use.


  3. As role secadmin, at label admin_low, open the Audit Events action and add the new class to each event that belongs in the new class.

    For events in more than one class, use a comma (no space) to delimit the classes.

  4. Write the file and exit the editor.

  5. Make any changes to audit_control(4) and audit_user(4) to audit the events in the new classes.

    See To Set Audit Flags and To Set User Exceptions to the Audit Flags for details of the procedures.


    Note –

    On a distributed system, the audit_class, audit_event, audit_startup, and audit_user files must be identical on every host on the network. See To Distribute Audit Configuration Files for a process to distribute master copies of files to all hosts on the network.


  6. Reboot, or as secadmin in an admin_low profile shell, run the auditconfig(1M) command with appropriate options.

    In the following example, the audit session ID is 159, and the new classes are gr (for graphic applications) and db (for database applications).


    $ auditconfig -setsmask 159 gr,db
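
A check for the edits made in steps 2 and 3, run on the master copies before they are distributed; it is an added example, not part of the original procedure or of Trusted Solaris. It assumes the audit_class layout mask:name:description and the audit_event layout number:name:description:classes, and every mask, event number and event name in the sample data is constructed.

```python
# Added example: lint audit_class and audit_event text before distributing it.
# Assumed layouts: audit_class is mask:name:description,
# audit_event is number:name:description:classes. All sample data is constructed.

AUDIT_CLASS = """\
0x00000001:fr:file read
0x00000002:fw:file write
0x00100000:gr:graphic applications
0x00000002:db:database applications
"""

AUDIT_EVENT = """\
40001:AUE_demo_draw:constructed graphics event:gr, db
40002:AUE_demo_query:constructed database event:db,fr
40003:AUE_demo_admin:constructed admin event:dx
"""

def records(text):
    """Yield (line_number, fields) for each non-blank, non-comment line."""
    for n, line in enumerate(text.splitlines(), 1):
        if line.strip() and not line.lstrip().startswith("#"):
            yield n, line.split(":")

def check_classes(text):
    """Return (class names, problems); flags a mask or name that is reused."""
    masks, names, problems = {}, set(), []
    for n, fields in records(text):
        mask, name = int(fields[0], 16), fields[1]
        if mask in masks:
            problems.append(f"audit_class:{n}: {name} reuses mask {mask:#010x} of {masks[mask]}")
        if name in names:
            problems.append(f"audit_class:{n}: class {name} defined twice")
        masks.setdefault(mask, name)
        names.add(name)
    return names, problems

def check_events(text, names):
    """Flag class lists that contain spaces or name an undefined class."""
    problems = []
    for n, fields in records(text):
        class_list = fields[-1]
        if any(c.isspace() for c in class_list):
            problems.append(f"audit_event:{n}: space in class list {class_list!r}")
        for cls in class_list.split(","):
            if cls.strip() not in names:
                problems.append(f"audit_event:{n}: class {cls.strip()} not in audit_class")
    return problems

def lint(class_text, event_text):
    names, problems = check_classes(class_text)
    return problems + check_events(event_text, names)
```

Calling lint(AUDIT_CLASS, AUDIT_EVENT) on the sample reports the reused mask for db, the space after the comma in the first event, and the undefined class dx.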