Filter
Top Products
setaudit(8)
System Administration 119
Changes the audit record generation policy for the specified audit events.
events is a comma-separated list of audit events. An event may be specified
by its numeric value or its name. The AEV_ prefix may be omitted. For
example, the event for SSH login can be expressed as AEV_LOGIN_SSH,
LOGIN_SSH or 0.
See showaudit -e all for a list of valid events.
This option may be specified multiple times. Multiple specification are
processed together with an -c options in the order listed. See
EXAMPLE 3.
When set to enable or disable, audit record generation for the events is
turned on or off respectively. This setting overrides the global policy. When
set to default, the policy for the users is set to follow the global policy. Use
showaudit -g to display the global user audit record generation policy.
-g enable|disable
Sets the global user audit record generation policy.
When set to disable, no audit record which can be attributed to any user
account is generated. These settings can be overridden on an individual user
basis using the -a option.
-h
Displays usage statement.
When used with other options or operands, an error occurs.
-m mailaddr
Sets the mail address to which email is sent when the local audit storage
space usage reaches a threshold (see option -t). Email addresses must be a
valid email address of the form user@company.com. Specifying none for
mailaddr turns off email notification.
-p suspend|count
Sets the policy to follow when the audit trail becomes full. The following are
valid values:
suspend All processes which try to write to audit records will be
suspended until either space becomes available and
records can be written, or the policy is changed to count.
count New audit records are dropped and a count is kept of
how many records are dropped.