audit_control.5 - OpenGrok cross reference for /freebsd/contrib/openbsm/man/audit

Lines Matching +full:suspend +full:- +full:to +full:- +full:disk
1 .\" Copyright (c) 2004-2009 Apple Inc.
7 .\" contract FA8650-15-C-7558 ("CADETS"), as part of the DARPA Transparent
19 .\"     its contributors may be used to endorse or promote products derived
23 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
27 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
49 .Bl -tag -width indent
53 Changes to this entry can only be enacted by restarting the
57 for a description of how to restart the audit system.
59 When set to
64 will be creating hardlinks to all trail files in
73 describes how to audit events for individual users.
76 Specify the hostname or IP address to be used when setting the local
80 Due to the possibility of transient errors coupled with the
89 an action cannot be attributed to a specific user.
91 The minimum free space required on the file system audit logs are being written to.
99 Maximum trail size in bytes; if set to a non-0 value, the audit daemon will
107 .It Va expire-after
110 written to or when the aggregate of all the trail files have reached a
112 If no expire-after parameter is given then audit log files will not
118 be in the kernel's post-commit queue pending write to disk.
121 Depending on the underlying kernel implementation, the number of in-flight
127 minimum free space on disk required to continue system operation, estimated as
128 the maximum number of allowable in-flight records multiplied by the maximum
132 Audit flags are a comma-delimited list of audit classes as defined in the
138 .Bl -tag -width indent -compact -offset indent
143 .It Li -
149 .It Li ^-
153 The policy flags field is a comma-delimited list of policy flags from the
156 .Bl -tag -width ".Cm zonename" -compact -offset indent
158 Allow processes to continue running even though events are not being audited.
163 Fail stop the system if unable to audit an event\[em]this consists of first
164 draining pending records to disk, and then halting the operating system.
166 Audit command line arguments to
169 Audit environmental variable arguments to
183 Append a trailer token to each audit record (not implemented on
212 flag unless it is intended that audit logs exceeding available disk space
220 .Bl -tag -width "(space) or" -compact -offset indent
231 Values for the disk space used are numbers with the following suffixes:
233 .Bl -tag -width "(space) or" -compact -offset indent
236 Disk space used in Bytes.
238 Disk space used in Kilobytes.
240 Disk space used in Megabytes.
242 Disk space used in Gigabytes.
246 If both an age and disk space value are used they are separated by
247 AND or OR and both values are used to determine when audit
249 In the case of AND, both the age and disk space conditions must be met
253 .Bd -literal -offset indent
254 expire-after: 60d AND 1G
258 gigabyte of disk space total is being used by the audit logs.
263 .Bd -literal -offset indent
270 expire-after:10M
275 parameter above specifies the system-wide mask corresponding to login/logout
279 parameter specifies that the system should neither fail stop nor suspend
288 .Bl -tag -width ".Pa /etc/security/audit_control" -compact
301 division of McAfee Inc., under contract to Apple Computer Inc.\& in 2004.
305 .An -nosplit
307 of McAfee, Inc., under contract to Apple Computer Inc.
313 The Basic Security Module (BSM) interface to audit records and audit event
In current file

In project "undefined"

On Google
