As role secadmin, at label admin_low
, enter system-wide audit flags in the audit_control(4)
file.
Enter the na class in the naflags: line if your site is auditing non-attributable events.
dir:/etc/security/audit/egret/files dir:/etc/security/audit/egret.1/files dir:/etc/security/audit/grebe/files flags: minfree:20 naflags:na
Enter other classes in the flags: line if your system is auditing user-level events.
dir:/etc/security/audit/egret/files dir:/etc/security/audit/egret.1/files dir:/etc/security/audit/grebe/files flags:lo,ad,-all,^-fc minfree:20 naflags:na
See Sample audit_control File for an explanation of the syntax of the audit flags' fields.
Write the file and exit the editor.
On a distributed system, the audit flags in the audit_control file must be identical on every host on the network. See To Distribute Audit Configuration Files for a process to distribute master copies of files to all hosts on the network.