|Skip Navigation Links|
|Exit Print View|
|man pages section 5: Standards, Environments, and Macros Oracle Solaris 11 Express 11/10|
Standards, Environments, and Macros
- generation of Solaris audit logs
The audit_binfile plugin module for Solaris audit, /usr/lib/security/audit_binfile.so, writes binary audit data to files as configured in auditconfig(1M); it is the default plugin for the Solaris audit daemon auditd(1M). Its output is described by audit.log(4).
The audit_binfile plugin is loaded by auditd if the plugin is configured as an active via auditconfig. Use the auditconfig -setplugin option to change all the plugin related configuration parameters.
The following attributes specify the configuration of audit_binfile plugin:
A list of directories, where the audit files will be created. Any valid writable directory can be specified.
A percentage, which indicates the amount of free space required on the target p_dir. If free space falls below this threshold, the audit daemon auditd(1M) invokes the shell script audit_warn(1M). If no threshold is specified, the default is 0%.
The p_fsize attribute defines the maximum size in bytes that an audit file can become before it is automatically closed and a new audit file opened. This is equivalent to an administrator issuing an audit -n command when the audit file contains the specified number of bytes. The default size is zero (0), which allows the file to grow without bound. The value specified must be within the range of [512,000, 2,147,483,647].
The following directives cause audit_binfile.so to be loaded, specify the directories for writing audit logs, and specify the percentage of required free space per directory.
auditconfig -setplugin audit_binfile active \ "p_dir=/var/audit/jedgar/eggplant,/var/audit/jedgar.aux/eggplant, /var/audit/global/eggplant;p_minfree=20"
See attributes(5) for a description of the following attributes:
auditconfig(1M), auditd(1M), audit_warn(1M), syslog.conf(4), attributes(5)