AUDIT_BINFILE(7) Standards, Environments, and Macros AUDIT_BINFILE(7)
NAME
audit_binfile - generation of audit logs
SYNOPSIS
/usr/lib/security/audit_binfile.soDESCRIPTION
The
audit_binfile plugin module for audit,
/usr/lib/security/audit_binfile.so, writes binary audit data to files as
specified in the plugin's attributes configured by
auditconfig(8); it is
the default plugin for the audit daemon
auditd(8). Its output is
described by
audit.log(5).
OBJECT ATTRIBUTES
The
p_dir attribute specifies a comma-separated list of directories to be
used for storing audit files.
The
p_minfree attribute specifies the percentage of free space required.
If free space falls below this threshold, the audit daemon
auditd(8) invokes the shell script
audit_warn(8). The default threshold is 0%.
The
p_fsize attribute defines the maximum size in bytes that an audit
file can become before it is automatically closed and a new audit file
opened. This is equivalent to an administrator issuing an
audit -n command when the audit file contains the specified number of bytes. The
default size is zero (0), which allows the file to grow without bound.
The value specified must be within the range of [512,000, 2,147,483,647].
EXAMPLES
The following commands cause
audit_binfile.so to be activated, specify
the directories for writing audit logs, and specify the percentage of
required free space per directory. Note that using
auditconfig(8) only
allows one attribute to be set at a time.
# auditconfig -setplugin audit_binfile active p_minfree=20
# auditconfig -setplugin audit_binfile active \
p_dir=/var/audit/jedgar/eggplant,\
/var/audit/jedgar.aux/eggplant,\
/var/audit/global/eggplant
ATTRIBUTES
See
attributes(7) for a description of the following attributes:
+--------------------+-----------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+--------------------+-----------------+
|MT Level | MT-Safe |
+--------------------+-----------------+
|Interface Stability | Committed |
+--------------------+-----------------+
SEE ALSO
audit.log(5),
attributes(7),
auditconfig(8),
auditd(8) March 6, 2017
AUDIT_BINFILE(7)