System Administration Guide: Security Services

How to Configure Audit Queue Parameters

The audit service provides default values for audit queue parameters. You can inspect and set these values with the auditconfig command.

The auditconfig command can set a temporary, or active, value. This value is used by the kernel, but it is not set as a property of the audit service. This command also sets persistent, or configured, values. Configured values are the values that are restored when you restart the audit service.

  1. Assume a role that includes the Audit Control profile, or become superuser.

    To create a role that includes the Audit Control profile and to assign the role to a user, see Configuring RBAC (Task Map).

  2. Review the audit queue parameter values.

    To view the values, use the auditconfig -getqctrl command.


    $ auditconfig -getqctrl
    no configured audit queue lowater mark
    no configured ...

    The string "no configured" indicates that the system is using the default settings. For a description of the audit queue parameters, see the auditconfig(1M) man page.

  3. Modify selected audit queue parameters.

    • To modify all audit queue parameters, use the -setqctrl option.


      # auditconfig [ -t ] -setqctrl hiwater lowater bufsz interval
      
    • To modify a specific audit queue parameter, use the specific option, one of -setqbufsz, -setqdelay, -setqlowater, and -setqhiwater.


      # auditconfig [ -t ] -setq* value
      
    -t

    Optional. Sets a temporary, or active, value. This value is not set as a property value of the audit service.

    hiwater ...

    Are audit queue parameters.

    value

    Is a value for the audit queue parameter.

    A temporary (-t) or active value is in effect until the audit service is restarted, or until the value is modified by the auditconfig [-t] -setq* command. Without the -t option, the queue parameter value is stored as a property value of the audit service.


Example 30–16 Configuring Audit Queue Parameters

In this example, the administrator configures the audit queue's write buffer size and wakeup interval. The administrator tunes these parameters differently in the active configuration by using the -t option.


# auditconfig -getqctrl
  no configured audit queue hiwater mark
  no configured audit queue lowater mark
  no configured audit queue buffer size
  no configured audit queue delay
  active audit queue hiwater mark (records) = 110
  active audit queue lowater mark (records) = 30
  active audit queue buffer size (bytes) = 8192
  active audit queue delay (ticks) = 20
# auditconfig -setqbufsz 8192
# auditconfig -setqdelay 20
# auditconfig -t -setqbufsz 12288
# auditconfig -t -setqdelay 25
# auditconfig -getqctrl
  no configured audit queue lowater mark
  no configured audit queue hiwater mark
  configured audit queue buffer size (bytes) = 8192
  configured audit queue delay (ticks) = 20
  active audit queue hiwater mark (records) = 100
  active audit queue lowater mark (records) = 10
  active audit queue buffer size (bytes) = 12288
  active audit queue delay (ticks) = 25

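The administrator resets the parameters to their default values by setting them to zero. In the output that follows, the configured buffer size and delay return to "no configured", while the active buffer size and delay still show 12288 and 25.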


# auditconfig -setqbufsz 0
  auditon(2) failed.
  error: Invalid argument(22)
# auditconfig -setqdelay 0
  auditon(2) failed.
  error: Invalid argument(22)
# auditconfig -getqctrl
  no configured audit queue hiwater mark
  no configured audit queue lowater mark
  no configured audit queue buffer size
  no configured audit queue delay
  active audit queue hiwater mark (records) = 110
  active audit queue lowater mark (records) = 30
  active audit queue buffer size (bytes) = 12288
  active audit queue delay (ticks) = 25
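
The following script is an added example, not part of the original guide. It parses auditconfig -getqctrl output and flags each queue parameter whose active value differs from its configured value, which is the value restored when the audit service restarts. The function names qctrl_status and sample_qctrl and the status labels are assumptions made for this example; the sample input is the second -getqctrl listing from Example 30–16.

```shell
#!/bin/sh
# Added example. qctrl_status reads `auditconfig -getqctrl` output on stdin
# and prints one line per active parameter:
#   <parameter>: configured=<value|default> active=<value> <status>
# status: drift   = configured value is set and the active value differs
#         same    = configured value is set and the active value matches
#         default = no configured value (service property is unset)
qctrl_status() {
    awk '
    /^[ \t]*no configured audit queue / {
        sub(/^[ \t]*no configured audit queue /, "")
        conf[$0] = "default"
        next
    }
    /^[ \t]*(configured|active) audit queue .* = / {
        kind = $1; val = $NF; name = $0
        sub(/^[ \t]*(configured|active) audit queue /, "", name)
        sub(/ \(.*$/, "", name)          # drop " (unit) = value"
        if (kind == "configured") conf[name] = val
        else { act[name] = val; order[++n] = name }
    }
    END {
        for (i = 1; i <= n; i++) {
            name = order[i]
            c = (name in conf) ? conf[name] : "default"
            if (c == "default")      s = "default"
            else if (c == act[name]) s = "same"
            else                     s = "drift"
            printf "%s: configured=%s active=%s %s\n", name, c, act[name], s
        }
    }'
}

# Second -getqctrl listing from Example 30-16, embedded so the script runs offline.
sample_qctrl() {
    cat <<'EOF'
  no configured audit queue lowater mark
  no configured audit queue hiwater mark
  configured audit queue buffer size (bytes) = 8192
  configured audit queue delay (ticks) = 20
  active audit queue hiwater mark (records) = 100
  active audit queue lowater mark (records) = 10
  active audit queue buffer size (bytes) = 12288
  active audit queue delay (ticks) = 25
EOF
}

sample_qctrl | qctrl_status
```

On a live system, pipe the command into the function instead of the sample: auditconfig -getqctrl | qctrl_status. A drift line marks a value that was set with -t and will be replaced by the configured value at the next restart of the audit service.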