|Skip Navigation Links|
|Exit Print View|
|man pages section 5: Standards, Environments, and Macros Oracle Solaris 11 Information Library|
- generation of Solaris audit logs
The audit_binfile plugin module for Solaris audit, /usr/lib/security/audit_binfile.so, writes binary audit data to files as configured in auditconfig(1M); it is the default plugin for the Solaris audit daemon auditd(1M). Its output is described by audit.log(4).
The audit_binfile plugin is loaded by auditd if the plugin is configured as an active via auditconfig. Use the auditconfig -setplugin option to change all the plugin related configuration parameters.
The following attributes specify the configuration of audit_binfile plugin:
A list of directories, where the audit files will be created. Any valid writable directory can be specified.
A percentage, which indicates the amount of free space required on the target p_dir. If free space falls below this threshold, the audit daemon auditd(1M) invokes the shell script audit_warn(1M). If no threshold is specified, the default is 1%.
The p_fsize attribute defines the maximum size that an audit file can become before it is automatically closed and a new audit file is opened. This is equivalent to an administrator issuing an audit -ncommand when the audit file size equals the value specified by the administrator. The default size is zero (0), which allows the file to grow without bound. The value specified must be higher than 500KB and lower than 16 exabytes (EB). The used file system might further lower the limits. The format of the p_fsize value can be specified as an exact value in bytes or in a human-readable form with a suffix of B, K, M, G, T, P, E, Z (for bytes, kilobytes, megabytes, gigabytes, terabytes, petabytes, exabytes, or zettabytes, respectively). Suffixes of KB, MB, GB, TB, PB, EB, and ZB are also accepted.
The following directives cause audit_binfile.so to be loaded, specify the directories for writing audit logs, and specify the percentage of required free space per directory.
auditconfig -setplugin audit_binfile active \ "p_dir=/var/audit/jedgar/eggplant,/var/audit/jedgar.aux/eggplant, /var/audit/global/eggplant;p_minfree=20;p_fsize=4.5GB"
See attributes(5) for a description of the following attributes: