Overview of the auditing subsystem

Managing the audit event log file

Audit records generated by an event are eventually written to a log file. By default, however, audit records are first written to one of a number of audit buffers in main memory. When an audit buffer reaches the designated high-water mark, the audit daemon process switches to the next available buffer and marks the full one as writable. The daemon process then writes the full audit buffer to the audit event log file and returns the buffer to the pool of available buffers.
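
The buffering described above, modelled in C as an added example (not SCO code). The pool size, buffer size, high water mark value and all function names are assumptions; returning -1 when no buffer is available is a choice of the model, since this page does not say what the subsystem does in that case.

```c
#include <stdio.h>
#include <string.h>
/* Sizes are assumptions for this model, not SCO OpenServer values. */
#define NBUF 3
#define BUFSZ 64
#define HIGH_WATER 48
static struct audit_buf { char data[BUFSZ]; size_t used; int writable; } pool[NBUF];
static int cur;               /* buffer currently receiving records */
static char log_file[1024];   /* stands in for the audit event log file */
static size_t log_len;

/* Event side: append one record; -1 if too large or no buffer is available. */
static int audit_write(const char *rec) {
    size_t n = strlen(rec);
    if (n > BUFSZ - HIGH_WATER) return -1;    /* could overflow a buffer */
    if (pool[cur].writable) {                 /* full: switch buffers */
        int next = (cur + 1) % NBUF;
        if (pool[next].writable) return -1;   /* whole pool awaits the daemon */
        cur = next;
    }
    memcpy(pool[cur].data + pool[cur].used, rec, n);
    pool[cur].used += n;
    if (pool[cur].used >= HIGH_WATER) pool[cur].writable = 1;
    return 0;
}

/* Daemon side: write full buffers to the log, oldest first; return the count. */
static int daemon_flush(void) {
    int done = 0;
    for (int k = 1; k <= NBUF; k++) {
        struct audit_buf *b = &pool[(cur + k) % NBUF];
        if (!b->writable || log_len + b->used > sizeof log_file) continue;
        memcpy(log_file + log_len, b->data, b->used);
        log_len += b->used;
        b->used = 0; b->writable = 0;         /* back in the available pool */
        done++;
    }
    return done;
}

static size_t pending_bytes(void) {           /* bytes held only in memory */
    size_t t = 0;
    for (int i = 0; i < NBUF; i++) t += pool[i].used;
    return t;
}
int main(void) {
    for (int i = 0; i < 4; i++) audit_write("uid=100 open ok\n"); /* constructed */
    int n = daemon_flush();
    printf("flushed=%d log=%zu pending=%zu\n", n, log_len, pending_bytes());
    return 0;
}
```

In the model, the fourth record is still only in memory after the daemon has written the first full buffer, which is what "eventually written" means in practice.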

By default, the log files are kept in the /var/audit directory. You can control the directory used, the size of each file, the action to be taken when the log file is full, and more. You can also specify that the auditing data be backed up to a storage device, such as a tape drive, rather than a regular file. See "Configuring auditing" for more information. The default audit event log file is a regular file.



© 2005 The SCO Group, Inc. All rights reserved.
SCO OpenServer Release 6.0.0 -- 03 June 2005