Fujitsu M9000 Server User Manual


 
Chapter 5 Audit Configuration 65
Changes to the time
The minimum data recorded for each event includes:
Date and time of the event
Type of event
Who caused the event
Outcome of the event (success or failure)
Audit Classes
Audit classes are categories for grouping and sorting audit events. The SPARC
Enterprise Mx000 server provides a predefined set of audit classes, for example, log-
in events and service-related events. You cannot define additional audit classes or
change the events in a class. Refer to the setaudit(8) man page for a list of audit
classes.
Audit Policy
Audit policy determines how the auditing feature is implemented at your site. You
can configure the following aspects of auditing:
Whether it is enabled or disabled
Types of event that are audited
Which users have their events audited
Remote directories for storing audit records
Threshold of local capacity at which a warning is issued
Action when both audit partitions are full
The default audit policy is as follows:
Auditing is enabled
Records are dropped and counted when the audit trail is full
All events are enabled for auditing
Global user audit policy is set to enabled
Per-user audit policy for all users is set to default (that is, enabled)
Audit warning thresholds are set at 80 percent and 100 percent full
Email warnings are disabled
Audit File Tools
You can manage audit files from the Service Processor, using a tool for viewing audit
files. Refer to the viewaudit(8) man page for details on this tool.