Prefixes to Modify Previously Set Audit Flags
Use the modification prefixes in any of three ways: in the flags line in the audit_control(4) file to modify already-specified flags, as flags in the user's entry in the audit_user(4) file, or as arguments to the auditconfig(1M) command.
The prefixes in Table 1–3 along with audit flags, turn on or turn off previously specified audit classes. These prefixes turn on or off previously specified flags only.
Table 1–3 Prefixes Used to Modify Already-Specified Audit Flags|
Prefix |
Definition |
|---|---|
|
^- |
Turn off for failed attempts |
|
^+ |
Turn off for successful attempts |
|
^ |
Turn off for both failed and successful attempts |
The ^- prefix is used in the flags line in the following example from an audit_control file.
flags:lo,ad,-all,^-fc
- © 2010, Oracle Corporation and/or its affiliates