Changes to the time

The minimum data recorded for each event includes:

Date and time of the event

Type of event

Who caused the event

Outcome of the event (success or failure)

Audit Classes

Audit classes are categories for grouping and sorting audit events. The server provides a predefined set of audit classes, for example, log-in events and service- related events. You cannot define additional audit classes or change the events in a class. Refer to the setaudit(8) man page for a list of audit classes.

Audit Policy

Audit policy determines how the auditing feature is implemented at your site. You can configure the following aspects of auditing:

Whether it is enabled or disabled

Types of event that are audited

Which users have their events audited

Remote directories for storing audit records

Threshold of local capacity at which a warning is issued

Action when both audit partitions are full

The default audit policy is as follows:

Auditing is enabled

Records are dropped and counted when the audit trail is full

All events are enabled for auditing

Global user audit policy is set to enabled

Per-user audit policy for all users is set to default (that is, enabled)

Audit warning thresholds are set at 80 percent and 100 percent full

Email warnings are disabled

Chapter 5 Audit Configuration

67