Specifying the audit policy – FUJITSU SPARC M4000 User Manual

2-66

SPARC Enterprise Mx000 Servers XSCF User’s Guide • April 2008

Specifying the Audit Policy

■

Command operation

1. Use the showaudit (8) command to display the audit policy.

XSCF> showaudit all

Auditing: enabled

Audit space used: 13713 (bytes)

Audit space free: 4180591 (bytes)

Records dropped: 0

Policy on full trail: suspend

User global policy: enabled

Mail:

Thresholds: 80% 100%

User policy:

Events:

AEV_AUDIT_START enabled

AEV_AUDIT_STOP enabled

:

2. Use the setaudit (8) command to set the audit policy.

Specify three users, enable the AUDIT and LOGIN groups

for the Audit class, enable SSH login for the Audit event, and

disable the global policy for the users.

XSCF> setaudit –a yyyyy,uuuuu,nnnnn=enabe –c ACS_AUDIT,ACS_LOGIN=

enable –e AEV_LOGIN_SSH=enable –g disable

Specify the file warning send destination address,

count for the trail-full write mode, and file space warning

threshold.

XSCF> setaudit –m [email protected] –p count –t 50,75,90

3. Use the showaudit (8) command to confirm the setting.