As role secadmin, at label admin_low
, enter audit storage locations in the audit_control file.
On the first workstation installed, enter its local audit file system as the value of the dir: line.
The following shows the audit_control file for grebe, the NIS+ root master.
dir:/etc/security/audit/grebe/files flags: minfree:20 naflags:
When the audit file servers have been installed and configured, add their (mounted) filesystem names plus their top-level directory, files to the dir: entry.
The mounted file systems are listed before the workstation's local file system, as in:
dir:/etc/security/audit/egret/files dir:/etc/security/audit/egret.1/files dir:/etc/security/audit/grebe/files flags: minfree:20 naflags:
Write the file and exit the editor.
As role secadmin in an admin_high
profile shell, execute the audit -s command to have the audit daemon re-read the audit_control
file and write audit records to the designated directory.:
$ audit -s |
By default, the audit records have been stored in /var/audit. The audit records will now be stored in the first directory in the audit_control file.