System Administration Guide: Security Services

Procedure: How to Plan Storage for Audit Records

The audit trail requires dedicated file space. The dedicated file space for audit files must be available and secure. Each system should have several audit directories that are configured for audit files. You should decide how to configure the audit directories as one of the first tasks before you enable auditing on any systems. The following procedure covers the issues to be resolved when you plan for audit trail storage.

Before You Begin

If you are implementing non-global zones, complete How to Plan Auditing in Zones before using this procedure.

  1. Determine how much auditing your site needs.

    Balance your site's security needs against the availability of disk space for the audit trail.

    For guidance on how to reduce space requirements while still maintaining site security, as well as how to design audit storage, see Controlling Auditing Costs and Auditing Efficiently.

  2. Determine which systems are to be audited.

    On those systems, allocate space for at least one local audit directory. To specify the audit directories, see Example 30–3.

  3. Determine which systems are to store audit files.

    Decide which servers are to hold the primary and secondary audit directories. For examples of configuring disks for audit directories, see How to Create Partitions for Audit Files.

  4. Name the audit directories.

    Create a list of all the audit directories that you plan to use. For naming guidelines, see Storing the Audit Trail and auditreduce Command.

  5. Determine which systems are to use which audit directories.

    Create a map that shows which system should use which audit directory. The map helps you to balance the auditing activity. For an illustration, see Figure 31–1 and Figure 31–2.
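The map from step 5 can be checked mechanically before auditing is enabled. The following is an added example, not part of the original guide: it assumes a plain-text map with one row per system and directory (`system storage_host directory`), and every host name and path in it is a constructed sample value.

```shell
#!/bin/sh
# Added example: check a planned system-to-audit-directory map.
# Row format (an assumption of this example): system storage_host directory
# All host names and paths below are constructed sample values.

plan_map() {
cat <<'EOF'
# system storage_host directory
alpha   alpha    /var/audit
alpha   audit1   /audit/audit1/files
beta    beta     /var/audit
beta    audit1   /audit/audit1/files
gamma   audit1   /audit/audit1/files
gamma   audit2   /audit/audit2/files
delta   delta    /var/audit
delta   audit2   /audit/audit2/files
EOF
}

# Step 2: list audited systems that have no local audit directory,
# that is, no row where storage_host equals the system itself.
systems_without_local_dir() {
    awk 'NF >= 3 && $1 !~ /^#/ {
             seen[$1] = 1
             if ($1 == $2) has_local[$1] = 1
         }
         END { for (s in seen) if (!(s in has_local)) print s }' | sort
}

# Step 5: count how many systems write to each remote directory, so
# that uneven load across the storage servers is visible.
remote_directory_load() {
    awk 'NF >= 3 && $1 !~ /^#/ && $1 != $2 { n[$2 ":" $3]++ }
         END { for (d in n) print n[d], d }' | sort -k1,1nr -k2,2
}

echo "Systems with no local audit directory:"
plan_map | systems_without_local_dir
echo "Systems per remote audit directory:"
plan_map | remote_directory_load
```

A system listed by the first check would have nowhere to write audit records if its remote directories became unreachable, and a lopsided count in the second check indicates a storage server that carries more than its share of the audit trail.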