Example—Setting the cnt Policy (System Administration Guide: Security Services)

System Administration Guide: Security Services

Previous: How to Configure the audit_warn Alias
Next: How to Enable Auditing

Example—Setting the `cnt` Policy

The cnt policy can be set so that if the audit partitions become full, then processes are not blocked. The records are discarded when the partitions are full, but the system still functions. The cnt policy keeps a count of the number of discarded audit records. The cnt policy should not be set if security is paramount, since unrecorded events can occur if the file system is full.

The following command enables the cnt policy:

# auditconfig -setpolicy +cnt

To maintain the policy across reboots, you should place the auditconfig -setpolicy +cnt command in the audit_startup file.

Previous: How to Configure the audit_warn Alias
Next: How to Enable Auditing