To Prevent Computers From Being Audited Differently

If you change audit configuration files on one workstation and fail to copy the files to the other workstations on the network, the workstations will be audited differently.

As role secadmin, at label admin_low, copy the audit configuration files from a central location to every workstation.

Follow the procedure in To Distribute Audit Configuration Files.

Check that the audit class mappings for attributable and nonattributable events match the kernel cache.

See To Set Audit Class Mappings for Attributable Events and To Set Audit Class Mappings for Non-Attributable Audit Events for details.

Previous: To Start the Audit Daemon Manually
Next: To Set Audit Class Mappings for Attributable Events