System Administration Guide: Security Services

Example—Setting the cnt Policy

When the cnt policy is set, processes are not blocked if the audit partitions become full. Audit records are discarded while the partitions are full, but the system continues to function. The cnt policy keeps a count of the number of discarded audit records. Do not set the cnt policy if security is paramount, because events can go unrecorded when the file system is full.

The following command enables the cnt policy:


# auditconfig -setpolicy +cnt

To maintain the policy across reboots, you should place the auditconfig -setpolicy +cnt command in the audit_startup file.
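
The following added example is not part of the original guide. It is a shell function that reads an audit_startup-style script and reports whether the cnt policy is left on, off, or unset, which helps when reviewing hosts where discarded audit records are not acceptable. The function name cnt_state and the sample file contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the guide): report the cnt setting that an
# audit_startup-style script leaves in effect.
# Assumption: one auditconfig command per line, no line continuations.

cnt_state() {
    file=$1
    state=unset                      # no -setpolicy line has touched cnt
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line#"${line%%[![:space:]]*}"}        # trim leading blanks
        case $line in
            \#*) continue ;;                         # comment or #! line
            *auditconfig*-setpolicy*) ;;             # line of interest
            *) continue ;;
        esac
        arg=${line#*-setpolicy}
        arg=${arg#"${arg%%[![:space:]]*}"}           # trim leading blanks
        arg=${arg%%[[:space:]]*}                     # keep the first word
        case $arg in
            +*) case ",${arg#+}," in *,cnt,*|*,all,*) state=on ;; esac ;;
            -*) case ",${arg#-}," in *,cnt,*|*,all,*) state=off ;; esac ;;
            "") ;;                                   # no flag given, ignore
            *)  # no +/- prefix: the whole policy set is replaced
                case ",$arg," in
                    *,cnt,*|*,all,*) state=on ;;
                    *) state=off ;;
                esac ;;
        esac
    done < "$file"
    printf '%s\n' "$state"
}

# Constructed sample file, for illustration only.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#!/bin/sh
/usr/sbin/auditconfig -conf
/usr/sbin/auditconfig -setpolicy +cnt
EOF
cnt_state "$sample"      # prints: on
rm -f "$sample"
```

A result of unset means the file never changes cnt, so the running value should be confirmed with auditconfig -getpolicy.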