audit_binfile(7) man page - WindyHana's Solanara

Standards, Environments, Macros, Character Sets, and miscellany
                                                              audit_binfile(7)



NAME
       audit_binfile - generation of Solaris audit logs

SYNOPSIS
       /usr/lib/security/audit_binfile.so

DESCRIPTION
       The audit_binfile plugin module for Solaris audit,
       /usr/lib/security/audit_binfile.so, writes binary audit data to files
       as configured in auditconfig(8); it is the default plugin for the
       Solaris audit daemon auditd(8). Its output is described by audit.log(5).


       The audit_binfile plugin is loaded by auditd if the plugin is configured
       as active via auditconfig. Use the auditconfig -setplugin option to
       change all the plugin-related configuration parameters.

OBJECT ATTRIBUTES
       The following attributes specify the configuration of the audit_binfile
       plugin:

       p_dir


             dir1[,dir2],...[,dirn]

           A  list  of directories, where the audit files will be created. Any
           valid writable directory can be specified.


       p_minfree

           A percentage, which indicates the amount of free space required  on
           the  target  p_dir.  If  free space falls below this threshold, the
           audit daemon auditd(8) invokes the shell script  audit_warn(8).  If
           no threshold is specified, the default is 1%.


       p_fsize

           The  p_fsize  attribute defines the maximum size that an audit file
           can become before it is automatically closed and a new  audit  file
           is  opened. This is equivalent to an administrator issuing an audit
           -n command when the audit file size equals the value  specified  by
           the  administrator.  The default size is zero (0), which allows the
           file to grow without bound. The value specified must be higher than
           500KB and lower than 16 exabytes (EB). The file system in use might
           further lower the limits. The format of the p_fsize value can be
           specified  as  an  exact value in bytes or in a human-readable form
           with a suffix of B, K, M, G, T, P,  E,  Z  (for  bytes,  kilobytes,
           megabytes,    gigabytes,   terabytes,   petabytes,   exabytes,   or
           zettabytes, respectively). Suffixes of KB, MB, GB, TB, PB, EB,  and
           ZB are also accepted.


       p_age

           The  p_age  attribute  defines  the  maximum length of time that an
           audit file will remain open before it is automatically closed and a
           new  audit  file  is opened. This is equivalent to an administrator
           issuing an audit -n command when the audit file has been  open  for
           the  configured  length of time. The default time is zero (0) which
           allows the file to remain open until some other action causes it to
           be  closed.  The  format  of the p_age values can be specified in a
           form with a suffix specifying the units of time:  h,  d,  w,  m,  y
           (hours, days, weeks, months (30d), years (365d)).


       p_flags

           The p_flags attribute defines the set of audit classes which are to
           be audited. The syntax for specifying audit flags is  explained  in
           audit_flags(7).  The default value for p_flags in the audit_binfile
           plugin is all.


EXAMPLES
       The following directives cause audit_binfile.so to be  loaded,  specify
       the  directories  for  writing  audit  logs,  specify the percentage of
       required free space per directory, the maximum size of a log file,  and
       the maximum age of a log file.

         auditconfig -setplugin audit_binfile active \
             "p_dir=/var/audit/jedgar/eggplant,/var/audit/jedgar.aux/eggplant,/var/audit/global/eggplant;p_minfree=20;p_fsize=4.5GB;p_age=1w"
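
       The following sketch is an added example, not part of the original man
       page or of Solaris: it parses an attribute string such as the one above
       and checks it against the limits and defaults listed under OBJECT
       ATTRIBUTES. The function names are hypothetical, and binary size
       multiples (K = 1024 bytes) are an assumption the page does not state.

```python
import re

# Assumption: suffixes are binary multiples (K = 1024 bytes); the page does not say.
SIZE_UNITS = {u: 1024 ** (i + 1) for i, u in enumerate("KMGTPEZ")}
AGE_HOURS = {"h": 1, "d": 24, "w": 7 * 24, "m": 30 * 24, "y": 365 * 24}
MIN_FSIZE = 500 * 1024        # value "must be higher than 500KB"
MAX_FSIZE = 16 * 1024 ** 6    # "and lower than 16 exabytes (EB)"
# Constructed sample: the attribute string from the EXAMPLES section.
SAMPLE = ("p_dir=/var/audit/jedgar/eggplant,/var/audit/jedgar.aux/eggplant,"
          "/var/audit/global/eggplant;p_minfree=20;p_fsize=4.5GB;p_age=1w")

def parse_fsize(text):
    """Return p_fsize in bytes; accepts 4718592, 10B, 4.5G, 4.5GB, and so on."""
    m = re.fullmatch(r"(\d+(?:\.\d+)?)(?:([KMGTPEZ])B?|B)?", text.strip())
    if not m:
        raise ValueError(f"bad p_fsize: {text!r}")
    return int(float(m.group(1)) * SIZE_UNITS.get(m.group(2), 1))

def parse_age(text):
    """Return p_age in hours; 0 means the file is never closed because of age."""
    if text.strip() == "0":
        return 0
    m = re.fullmatch(r"(\d+)([hdwmy])", text.strip())
    if not m:
        raise ValueError(f"bad p_age: {text!r}")
    return int(m.group(1)) * AGE_HOURS[m.group(2)]

def review_plugin_attrs(attr_string):
    """Parse 'key=value;key=value' attributes and return (settings, findings)."""
    raw = dict(kv.strip().split("=", 1) for kv in attr_string.split(";") if kv.strip())
    cfg = {
        "p_dir": [d.strip() for d in raw.get("p_dir", "").split(",") if d.strip()],
        "p_minfree": int(raw.get("p_minfree", "1")),      # documented default: 1%
        "p_fsize": parse_fsize(raw.get("p_fsize", "0")),  # documented default: 0
        "p_age": parse_age(raw.get("p_age", "0")),        # documented default: 0
        "p_flags": raw.get("p_flags", "all"),             # documented default: all
    }
    findings = []
    if cfg["p_fsize"] and not MIN_FSIZE < cfg["p_fsize"] < MAX_FSIZE:
        findings.append("p_fsize is outside the documented 500KB..16EB range")
    if not cfg["p_fsize"] and not cfg["p_age"]:
        findings.append("p_fsize=0 and p_age=0: the audit file grows without bound")
    if not 0 <= cfg["p_minfree"] <= 100:
        findings.append("p_minfree is not a percentage")
    return cfg, findings

if __name__ == "__main__":
    print(review_plugin_attrs(SAMPLE))
```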


ATTRIBUTES
       See attributes(7) for a description of the following attributes:


       ATTRIBUTE TYPE         ATTRIBUTE VALUE
       ---------------------------------------
       Availability           system/library
       Interface Stability    Committed


SEE ALSO
       syslog.conf(5), attributes(7), audit_warn(8), auditconfig(8), auditd(8)


       Managing Auditing in Oracle Solaris 11.4



Oracle Solaris 11.4               21 Jun 2021                 audit_binfile(7)
Copyright in the man page content belongs to the man page authors.