To set the audit policy that a count of audit records is kept when the audit file systems are full, as role secadmin, at label admin_low
:
$ auditconfig -setpolicy +cnt |
To run auditing in an evaluated configuration, you cannot have the +cnt policy turned on. It must be turned off.
To set the audit policy that the workstation is shut down when its audit file systems are full:
$ auditconfig -setpolicy +ahlt |
To set one of the above policies permanently, enter the command in the audit_startup(1M) script. See To Set Audit Policy Permanently for how to edit the script.
On a distributed system, the same audit policy should be applied to all workstations.