26 lines
547 B
Plaintext
26 lines
547 B
Plaintext
# /etc/audit/auditd.conf
|
|
# See auditd.conf(5)
|
|
|
|
local_events = yes
|
|
log_file = /var/log/audit/audit.log
|
|
write_logs = yes
|
|
log_format = ENRICHED
|
|
log_group = root
|
|
flush = INCREMENTAL_ASYNC
|
|
freq = 50
|
|
num_logs = 7
|
|
name_format = NONE
|
|
max_log_file = 8
|
|
max_log_file_action = ROTATE
|
|
verify_email = yes
|
|
space_left = 100
|
|
space_left_action = SYSLOG
|
|
admin_space_left = 75
|
|
admin_space_left_action = SUSPEND
|
|
disk_full_action = SUSPEND
|
|
disk_error_action = SUSPEND
|
|
overflow_action = SYSLOG
|
|
max_restarts = 5
|
|
plugin_dir = /etc/audit/plugins.d
|
|
end_of_event_timeout = 2
|