Specifying the audit policy – FUJITSU SPARC M4000 User Manual

2-66

SPARC Enterprise Mx000 Servers XSCF User’s Guide • April 2008

Specifying the Audit Policy

■

Command operation

1. Use the showaudit (8) command to display the audit policy.

XSCF> showaudit all

Auditing: enabled

Audit space used: 13713 (bytes)

Audit space free: 4180591 (bytes)

Records dropped: 0

Policy on full trail: suspend

User global policy: enabled

Mail:

Thresholds: 80% 100%

User policy:

Events:

AEV_AUDIT_START enabled

AEV_AUDIT_STOP enabled

:

2. Use the setaudit (8) command to set the audit policy.

<Example 1> Specify three users, enable the AUDIT and LOGIN groups

for the Audit class, enable SSH login for the Audit event, and

disable the global policy for the users.

XSCF> setaudit –a yyyyy,uuuuu,nnnnn=enabe –c ACS_AUDIT,ACS_LOGIN=

enable –e AEV_LOGIN_SSH=enable –g disable

<Example 2> Specify the file warning send destination address,

count for the trail-full write mode, and file space warning

threshold.

XSCF> setaudit –m [email protected] –p count –t 50,75,90

3. Use the showaudit (8) command to confirm the setting.