Managing Auditing in Oracle® Solaris 11.2

Exit Print View

Updated: July 2014
 
 

Planning Disk Space for Audit Records

The audit_binfile plugin creates an audit trail. The audit trail requires dedicated file space. This space must be available and secure. The system uses the /var/audit file system for initial storage. You can configure additional audit file systems for audit files. The following procedure covers the issues that you must resolve when you plan for audit trail storage.

How to Plan Disk Space for Audit Records

Before You Begin

If you are implementing non-global zones, complete Planning Auditing in Zones before using this procedure.

This procedure assumes that you are using the audit_binfile plugin.

  1. Determine how much auditing your site needs.

    Balance your site's security needs against the availability of disk space for the audit trail.

    For guidance on how to reduce space requirements while still maintaining site security, as well as how to design audit storage, see Controlling Auditing Costs and Auditing Efficiently.

    For practical steps, see Volume of Audit Records Is Large, How to Compress Audit Files on a Dedicated File System, and Example 5–4.

  2. Determine which systems are to be audited and configure their audit file systems.

    Create a list of all the file systems that you plan to use. For configuration guidelines, see Storing and Managing the Audit Trail and the auditreduce (1M) man page. To specify the audit file systems, see How to Assign Audit Space for the Audit Trail.

  3. Synchronize the clocks on all systems.

    For more information, see Ensuring Reliable Time Stamps.