Trusted Solaris Audit Administration

To Specify the Audit File Storage Locations

  1. As role secadmin, at label admin_low, enter audit storage locations in the audit_control file.

    1. Open the System_Admin folder from the Application Manager.

    2. Double-click the Audit Control action.

  2. On the first system installed, enter its local audit file system as the value of the dir: line.

    The following shows the audit_control file for grebe, the NIS+ root master.

    dir:/etc/security/audit/grebe/files
    flags:
    minfree:20
    naflags:

  3. When the audit file servers have been installed and configured, add their mounted file system names, each followed by the top-level directory files, as additional dir: entries.

    The mounted file systems are listed before the system's local file system, as in:

    dir:/etc/security/audit/egret/files
    dir:/etc/security/audit/egret.1/files
    dir:/etc/security/audit/grebe/files
    flags:
    minfree:20
    naflags:

  4. Write the file and exit the editor.

  5. As role secadmin in an admin_high profile shell, execute the audit -s command to have the audit daemon re-read the audit_control file and write audit records to the designated directory:

    $ audit -s

    By default, the audit records have been stored in /var/audit. The audit records will now be stored in the first directory in the audit_control file.
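
    Before running audit -s, the edited file can be checked against the layout this procedure describes. The following script is an added example, not part of the Trusted Solaris documentation or software; the function name check_audit_control is hypothetical, and it assumes the local audit directory is named after the local host, as with grebe above. It only reads the file and does not test whether the directories are mounted.

```shell
#!/bin/sh
# Added example: lint an audit_control file against the layout described above.
# Assumption: each audit directory is /etc/security/audit/<name>/files, where
# <name> is the local host name for the local file system (as for grebe).

# check_audit_control FILE LOCALHOST  (hypothetical helper name)
# Prints one line per finding; returns 0 when the file passes, 1 otherwise.
check_audit_control() {
    file=$1 localhost=$2 rc=0
    dirs=$(sed -n 's/^dir:[[:space:]]*//p' "$file")
    if [ -z "$dirs" ]; then
        echo "FAIL: no dir: entry"; return 1
    fi
    # Every entry should end in the top-level directory "files".
    for d in $dirs; do
        case $d in
            */files) ;;
            *) echo "FAIL: $d does not end in /files"; rc=1 ;;
        esac
    done
    # The local file system is listed last, after the mounted ones.
    last=$(printf '%s\n' "$dirs" | tail -n 1)
    case $last in
        */"$localhost"/files) ;;
        *) echo "FAIL: last dir: entry $last is not local to $localhost"; rc=1 ;;
    esac
    # minfree is a percentage, so it must be a whole number from 0 to 100.
    minfree=$(sed -n 's/^minfree:[[:space:]]*//p' "$file")
    case $minfree in
        ''|*[!0-9]*) echo "FAIL: minfree '$minfree' is not a number"; rc=1 ;;
        *) [ "$minfree" -le 100 ] || { echo "FAIL: minfree $minfree > 100"; rc=1; } ;;
    esac
    echo "first directory written to: $(printf '%s\n' "$dirs" | head -n 1)"
    return $rc
}

# Constructed sample input: the three-directory file from step 3.
sample=$(mktemp)
cat > "$sample" <<'EOF'
dir:/etc/security/audit/egret/files
dir:/etc/security/audit/egret.1/files
dir:/etc/security/audit/grebe/files
flags:
minfree:20
naflags:
EOF
check_audit_control "$sample" grebe
```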