Chapter 5 Audit Configuration 67
■ Changes to the time
The minimum data recorded for each event includes:
■ Date and time of the event
■ Type of event
■ Who caused the event
■ Outcome of the event (success or failure)
Audit Classes
Audit classes are categories for grouping and sorting audit events. The server
provides a predefined set of audit classes, for example, log-in events and service-
related events. You cannot define additional audit classes or change the events in a
class. Refer to the setaudit(8) man page for a list of audit classes.
Audit Policy
Audit policy determines how the auditing feature is implemented at your site. You
can configure the following aspects of auditing:
■ Whether it is enabled or disabled
■ Types of event that are audited
■ Which users have their events audited
■ Remote directories for storing audit records
■ Threshold of local capacity at which a warning is issued
■ Action when both audit partitions are full
The default audit policy is as follows:
■ Auditing is enabled
■ Records are dropped and counted when the audit trail is full
■ All events are enabled for auditing
■ Global user audit policy is set to enabled
■ Per-user audit policy for all users is set to default (that is, enabled)
■ Audit warning thresholds are set at 80 percent and 100 percent full
■ Email warnings are disabled
