The audit_binfile plugin creates an audit trail. The audit trail requires dedicated file space. This space must be available and secure. The system uses the /var/audit file system for initial storage. You can configure additional audit file systems for audit files. The following procedure covers the issues that you must resolve when you plan for audit trail storage.
Before You Begin
If you are implementing non-global zones, complete Planning Auditing in Zones before using this procedure.
This procedure assumes that you are using the audit_binfile plugin.
Balance your site's security needs against the availability of disk space for the audit trail.
For guidance on how to reduce space requirements while still maintaining site security, as well as how to design audit storage, see Controlling Auditing Costs and Auditing Efficiently.
For practical steps, see Volume of Audit Records Is Large, How to Compress Audit Files on a Dedicated File System, and Example 5–4.
Create a list of all the file systems that you plan to use. For configuration guidelines, see Storing and Managing the Audit Trail and the auditreduce (1M) man page. To specify the audit file systems, see How to Assign Audit Space for the Audit Trail.
For more information, see Ensuring Reliable Time Stamps.