'\" te
.\"  Copyright (c) 2009, 2013, Oracle and/or its affiliates. All rights reserved.
.TH audit_binfile  5 "5 Jan 2012" "SunOS 5.11" "Standards, Environments, and Macros"
.SH NAME
audit_binfile \- generation of Solaris audit logs
.SH SYNOPSIS
.LP
.nf
\fB/usr/lib/security/audit_binfile.so\fR
.fi

.SH DESCRIPTION
.sp
.LP
The \fBaudit_binfile\fR plugin module for Solaris audit, \fB/usr/lib/security/audit_binfile.so\fR, writes binary audit data to files as configured in \fBauditconfig\fR(1M); it is the default plugin for the Solaris audit daemon \fBauditd\fR(1M). Its output is described by \fBaudit.log\fR(4).
.sp
.LP
The \fBaudit_binfile\fR plugin is loaded by \fBauditd\fR if the plugin is configured as an active via \fBauditconfig\fR. Use the \fBauditconfig\fR \fB-setplugin\fR option to change all the plugin related configuration parameters.
.SH OBJECT ATTRIBUTES
.sp
.LP
The following attributes specify the configuration of \fBaudit_binfile\fR plugin:
.sp
.ne 2
.mk
.na
\fB\fBp_dir\fR\fR
.ad
.sp .6
.RS 4n
.sp
.in +2
.nf
dir1[,dir2],.. [,dirn]
.fi
.in -2
.sp

A list of directories, where the audit files will be created. Any valid writable directory can be specified.
.RE

.sp
.ne 2
.mk
.na
\fB\fBp_minfree\fR\fR
.ad
.sp .6
.RS 4n
A percentage, which indicates the amount of free space required on the target \fBp_dir\fR. If free space falls below this threshold, the audit daemon \fBauditd\fR(1M) invokes the shell script \fBaudit_warn\fR(1M). If no threshold is specified, the default is 1%.
.RE

.sp
.ne 2
.mk
.na
\fB\fBp_fsize\fR\fR
.ad
.sp .6
.RS 4n
The \fBp_fsize\fR attribute defines the maximum size that an audit file can become before it is automatically closed and a new audit file is opened. This is equivalent to an administrator issuing an \fBaudit -n\fRcommand when the audit file size equals the value specified by the administrator. The default size is zero (\fB0\fR), which allows the file to grow without bound. The value specified must be higher than 500KB and lower than 16 exabytes (\fBEB\fR). The used file system might further lower the limits. The format of the \fBp_fsize\fR value can be specified as an exact value in bytes or in a human-readable form with a suffix of \fBB, K, M, G, T, P, E, Z\fR (for bytes, kilobytes, megabytes, gigabytes, terabytes, petabytes, exabytes, or zettabytes, respectively). Suffixes of \fBKB, MB, GB, TB, PB, EB,\fR and \fBZB\fR are also accepted.
.RE

.sp
.ne 2
.mk
.na
\fB\fBp_age\fR\fR
.ad
.sp .6
.RS 4n
The \fBp_age\fR attribute defines the maximum length of time that an audit file will remain open before it is automatically closed and a new audit file is opened. This is equivalent to an administrator issuing an \fBaudit -n\fR command when the audit file has been open for the configured length of time. The default time is zero(0) which allows the file to remain open until some other action causes it to be closed. The format of the \fBp_age\fR values can be specified in a form with a suffix specifying the units of time: h, d, w, m, y (hours, days, weeks, months (30d), years (365d)).
.RE

.SH EXAMPLES
.sp
.LP
The following directives cause \fBaudit_binfile.so\fR to be loaded, specify the directories for writing audit logs, specify the percentage of required free space per directory, the maximum size of a log file, and the maximum age of a log file.
.sp
.in +2
.nf
auditconfig -setplugin audit_binfile active \e
    "p_dir=/var/audit/jedgar/eggplant,/var/audit/jedgar.aux/eggplant,
     /var/audit/global/eggplant;p_minfree=20;p_fsize=4.5GB;p_age=1w"
.fi
.in -2
.sp

.SH ATTRIBUTES
.sp
.LP
See \fBattributes\fR(5) for a description of the following attributes:
.sp

.sp
.TS
tab() box;
cw(2.75i) |cw(2.75i) 
lw(2.75i) |lw(2.75i) 
.
\fBATTRIBUTE TYPE\fR\fBATTRIBUTE VALUE\fR
_
MT LevelMT-Safe
_
Interface StabilityCommitted
.TE

.SH SEE ALSO
.sp
.LP
\fBauditconfig\fR(1M), \fBauditd\fR(1M), \fBaudit_warn\fR(1M), \fBsyslog.conf\fR(4), \fBattributes\fR(5)
.sp
.LP
\fIManaging Auditing in Oracle Solaris 11.3\fR