AUDIT_BINFILE(7) Standards, Environments, and Macros AUDIT_BINFILE(7)

NAME


audit_binfile - generation of audit logs

SYNOPSIS


/usr/lib/security/audit_binfile.so


DESCRIPTION


The audit_binfile plugin module for audit,
/usr/lib/security/audit_binfile.so, writes binary audit data to files as
specified in the plugin's attributes configured by auditconfig(8); it is
the default plugin for the audit daemon auditd(8). Its output is
described by audit.log(5).

OBJECT ATTRIBUTES


The p_dir attribute specifies a comma-separated list of directories to be
used for storing audit files.


The p_minfree attribute specifies the percentage of free space required.
If free space falls below this threshold, the audit daemon auditd(8)
invokes the shell script audit_warn(8). The default threshold is 0%.


The p_fsize attribute defines the maximum size in bytes that an audit
file can become before it is automatically closed and a new audit file
opened. This is equivalent to an administrator issuing an audit -n
command when the audit file contains the specified number of bytes. The
default size is zero (0), which allows the file to grow without bound.
The value specified must be within the range of [512,000, 2,147,483,647].

EXAMPLES


The following commands cause audit_binfile.so to be activated, specify
the directories for writing audit logs, and specify the percentage of
required free space per directory. Note that using auditconfig(8) only
allows one attribute to be set at a time.

# auditconfig -setplugin audit_binfile active p_minfree=20
# auditconfig -setplugin audit_binfile active \
p_dir=/var/audit/jedgar/eggplant,\
/var/audit/jedgar.aux/eggplant,\
/var/audit/global/eggplant


ATTRIBUTES


See attributes(7) for a description of the following attributes:


+--------------------+-----------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+--------------------+-----------------+
|MT Level | MT-Safe |
+--------------------+-----------------+
|Interface Stability | Committed |
+--------------------+-----------------+

SEE ALSO


audit.log(5), attributes(7), auditconfig(8), auditd(8)

March 6, 2017 AUDIT_BINFILE(7)