The basic setup of the audit daemon is done by editing
/etc/audit/auditd.conf
. You may also use YaST to
configure the basic settings by calling + + . Use the
tabs and for
configuration.
log_file = /var/log/audit/audit.log log_format = RAW log_group = root priority_boost = 4 flush = INCREMENTAL freq = 20 num_logs = 4 disp_qos = lossy dispatcher = /sbin/audispd name_format = NONE #name = mydomain max_log_file = 5 max_log_file_action = ROTATE space_left = 75 space_left_action = SYSLOG action_mail_acct = root admin_space_left = 50 admin_space_left_action = SUSPEND disk_full_action = SUSPEND disk_error_action = SUSPEND #tcp_listen_port = tcp_listen_queue = 5 #tcp_client_ports = 1024-65535 tcp_client_max_idle = 0
The default settings work reasonably well for many setups. Some values,
such as num_logs
, max_log_file
,
space_left
, and admin_space_left
depend on the size of your deployment. If disk space is limited, you
might want to reduce the number of log files to keep if they are rotated
and you might want get an earlier warning if disk space is running out.
For a CAPP-compliant setup, adjust the values for
log_file
, flush
,
max_log_file
, max_log_file_action
,
space_left
, space_left_action
,
admin_space_left
,
admin_space_left_action
,
disk_full_action
, and
disk_error_action
, as described in
Section 29.2, “Configuring the Audit Daemon”. An example CAPP-compliant
configuration looks like this:
log_file = path_to_separate_partition
/audit.log
log_format = RAW
priority_boost = 4
flush = SYNC ### or DATA
freq = 20
num_logs = 4
dispatcher = /sbin/audispd
disp_qos = lossy
max_log_file = 5
max_log_file_action = KEEP_LOGS
space_left = 75
space_left_action = EMAIL
action_mail_acct = root
admin_space_left = 50
admin_space_left_action = SINGLE ### or HALT
disk_full_action = SUSPEND ### or HALT
disk_error_action = SUSPEND ### or HALT
The ###
precedes comments where you can choose from
several options. Do not add the comments to your actual configuration
files.
![]() | For More Information |
---|---|
Refer to Section 29.2, “Configuring the Audit Daemon” for detailed background
information about the |