As an administrator who is assigned the Audit Review rights profile, you can limit the size of binary files to facilitate archiving and searching. You can also create smaller binary files from the original file by using one of the options described in this section.
Use the p_fsize attribute to limit the size of individual binary audit files.
For a description of the p_fsize attribute, see the OBJECT ATTRIBUTES section of the audit_binfile(5) man page.
For an example, see Example 4–3.
Use the auditreduce command to select records and write those records to a smaller file for further analysis.
The auditreduce -lowercase options find specific records.
The auditreduce -Uppercase options write your selections to a file. For more information, see the auditreduce(1M) man page. See also Displaying Audit Trail Data.