Filter
Top Products
Chapter 5 Audit Configuration 65
■ Changes to the time
The minimum data recorded for each event includes:
■ Date and time of the event
■ Type of event
■ Who caused the event
■ Outcome of the event (success or failure)
Audit Classes
Audit classes are categories for grouping and sorting audit events. The SPARC
Enterprise Mx000 server provides a predefined set of audit classes, for example, log-
in events and service-related events. You cannot define additional audit classes or
change the events in a class. Refer to the setaudit(8) man page for a list of audit
classes.
Audit Policy
Audit policy determines how the auditing feature is implemented at your site. You
can configure the following aspects of auditing:
■ Whether it is enabled or disabled
■ Types of event that are audited
■ Which users have their events audited
■ Remote directories for storing audit records
■ Threshold of local capacity at which a warning is issued
■ Action when both audit partitions are full
The default audit policy is as follows:
■ Auditing is enabled
■ Records are dropped and counted when the audit trail is full
■ All events are enabled for auditing
■ Global user audit policy is set to enabled
■ Per-user audit policy for all users is set to default (that is, enabled)
■ Audit warning thresholds are set at 80 percent and 100 percent full
■ Email warnings are disabled
Audit File Tools
You can manage audit files from the Service Processor, using a tool for viewing audit
files. Refer to the viewaudit(8) man page for details on this tool.