#
# This file controls the configuration of the audit daemon
#

# Common Criteria CAPP/LSPP recommended configuration. You MAY
# adjust this according to local requirements.

log_file = /var/log/audit/audit.log
log_format = RAW
priority_boost = 5

# Configure disk synchronization. Using "flush = DATA" or 
# "flush = SYNC" increases reliability slightly but has a
# high performance cost. INCREMENTAL is a reasonable compromise.
flush = DATA
freq = 20

num_logs = 4
DISP_qos = lossy
max_log_file = 256
max_log_file_action = IGNORE
space_left = 1000
space_left_action = email
action_mail_acct = root
admin_space_left = 100

# Configure how the system will treat disk space exhaustion.
# The action "HALT" discards audit records if space is exhausted.
# The fail-safe setting is to switch to single-user mode.

admin_space_left_action = email
disk_full_action = HALT
disk_error_action = HALT