Selecting What Is Audited

Language:

The following task map points to procedures to configure auditing that is specific to your needs.

Table 4 Customizing Auditing Task Map

Task	Description	For Instructions
Audit everything that a user does on the system.	Audit one or more users for every command.	How to Audit All Commands by Users
Audit significant events.	Audit administrative commands, system access, and other significant events.	How to Audit Significant Events in Addition to Login/Logout
Change the audit events that are being recorded and have the change affect existing sessions.	Update a user's preselection mask.	How to Update the Preselection Mask of Logged In Users
Locate modifications to particular files in audited events.	Audit file modifications, then use the `auditreduce` command to find particular files.	How to Find Audit Records of Changes to Specific Files
Specify files or directories to be audited.	Set per-object logging for audit events.	Specifying Files or Directories to Be Audited
Use less file system space for audit files.	Use ZFS quotas and compression.	How to Compress Audit Files on a Dedicated File System
Remove audit events from the `audit_event` file.	Correctly update the `audit_event` file.	How to Prevent the Auditing of Specific Events