|Skip Navigation Links|
|Exit Print View|
|Oracle Solaris 11.1 Administration: Security Services Oracle Solaris 11.1 Information Library|
The audit service, auditd, is enabled by default. To enable, refresh, or disable the service, see Enabling and Disabling the Audit Service (Tasks).
Without customer configuration, the following defaults are in place:
All login events are audited.
Both successful and unsuccessful login attempts are audited.
All users are audited for login and logout events, including role assumption and screenlock.
The audit_binfile plugin is active. The /var/audit directory stores audit records, the size of an audit file is not limited, and the queue size is 100 records.
The cnt policy is set.
When audit records fill the available disk space, the system tracks the number of dropped audit records. A warning is issued when one percent of available disk space remains.
The following audit queue controls are set:
Maximum number of records in the audit queue before generating the records locks - 100
Minimum number of records in the audit queue before blocked auditing processes unblock - 10
Buffer size for the audit queue - 8192 bytes
Interval between writing audit records to the audit trail - 20 seconds
To display the defaults, see How to Display Audit Service Defaults.
The audit service enables you to set temporary, or active, values. These values can differ from configured, or property, values.
Temporary values are not restored when you refresh or restart the audit service.
Audit policy and audit queue controls accept temporary values. Audit flags do not have a temporary value.
Configured values are stored as property values of the service, so they are restored when you refresh or restart the audit service.
Rights profiles control who can administer the audit service. For more information, see Rights Profiles for Administering Auditing.
By default, all zones are audited identically. See Auditing and Oracle Solaris Zones.