Skip to main content

3.10.7 Enabling/Disabling Auditing


3.10.7 Enabling/Disabling Auditing
To confirm the current status of auditing, use the showaudit command. Also, to set the items to audit, use the setaudit command. Execute the setaudit command with a user account that has the auditadm privilege.
Audit is enabled by default. Writing to the audit log stops when auditing is disabled. Writing resumes when auditing is enabled. In the processing after a reboot, auditing is disabled before being enabled.
  1. Execute the showaudit command to display the audit settings.
    The following example displays the entire status of current system auditing.
XSCF> showaudit all
Auditing: enabled
Audit space used: 13713 (bytes)
Audit space free: 4180591 (bytes)
Records dropped: 0
Policy on full trail: count
User global policy: enabled
Mail:
Thresholds: 80% 100%
User policy:
Events:
AEV_AUDIT_START enabled
AEV_AUDIT_STOP enabled
:
  1. Execute the setaudit command to set enable/disable.
    The following example specifies that audit data writing be enabled.
XSCF> setaudit enable
  1. The following example specifies that audit data writing be disabled.
XSCF> setaudit disable