The audit_binfile plugin creates an audit trail. The audit trail requires dedicated file space. This space must be available and secure. The system uses the /var/audit file system for initial storage. You can configure additional audit file systems for audit files. The following procedure covers the issues that you must resolve when you plan for audit trail storage.
Before You Begin
If you are implementing non-global zones, complete Planning Auditing in Zones before using this procedure.
This procedure assumes that you are using the audit_binfile plugin.
Balance your site's security needs against the availability of disk space for the audit trail.
For practical steps, see Volume of Audit Records Is Large, How to Compress Audit Files on a Dedicated File System, and Example 32, Combining and Reducing Audit Files.
Create a list of all the file systems that you plan to use. For configuration guidelines, see Storing and Managing the Audit Trail and the auditreduce(8) man page. To specify the audit file systems, see Configuring Audit Space for the Audit Trail and Audit Files.
For more information, see Ensuring Reliable Time Stamps.