Managing Auditing in Oracle® Solaris 11.2

Exit Print View

Updated: July 2014

Audit Policy

Audit policy determines whether additional information is added to the audit trail.

The following policies add tokens to audit records: arge, argv, group, path, seq, trail, windata_down, windata_up, and zonename. The windata_down and windata_up policies are used by the Trusted Extensions feature of Oracle Solaris. For more information, see Chapter 22, Trusted Extensions and Auditing, in Trusted Extensions Configuration and Administration .

The remaining policies do not add tokens. The public policy limits auditing of public files. The perzone policy establishes separate audit queues for non-global zones. The ahlt and cnt policies determine what happens when audit records cannot be delivered. For details, see Audit Policies for Asynchronous and Synchronous Events.

The effects of the different audit policy options are described in Understanding Audit Policy. For a description of audit policy options, see the –setpolicy option in the auditconfig(1M) man page. For a list of available policy options, run the command auditconfig -lspolicy. For the current policy, run the command auditconfig -getpolicy.