Audit Flag Syntax (System Administration Guide: Security Services)

System Administration Guide: Security Services

Previous: Definitions of Audit Flags
Next: Prefixes That Modify Audit Flags

Audit Flag Syntax

The prefixes to the audit flags determine whether a class of events is audited for success, or for failure. Without a prefix, a class is audited for success and for failure. The following table shows the format of the audit flag and some possible representations.

Table 23–2 Plus and Minus Prefixes to Audit Flags


`prefixflag`	Explanation
`lo`	Audit all successful attempts to log in and log out, and all failed attempts to log in. You cannot fail an attempt to log out.
`+lo`	Audit all successful attempts to log in and log out.
`-all`	Audit all failed events.
`+all`	Audit all successful events.

Caution –

The all flag can generate large amounts of data and fill up audit file systems quickly. Use the all flag only if you have extraordinary reasons to audit all activities.

Previous: Definitions of Audit Flags
Next: Prefixes That Modify Audit Flags