Audit log data is output to syslog. Because HDLM messages other than audit log data are also output to syslog, we recommend that you specify an output destination that is used exclusively for audit log data.
For example, when you are using syslogd to change the output destination of audit log data to /usr/local/audlog, specify the following two settings:
- Specify the following setting in the /etc/syslog.conf file:
      local0.info /usr/local/audlog
- Use the HDLM command's set operation to specify local0 for the audit log facility:
You can also filter the audit log output by specifying a severity level and type for the HDLM command's set operation.
- Filtering by severity:

| Severity | Audit log data to output | Correspondence with syslog severity levels |
|---|---|---|
| 0 | None | Emergency |
| 1 | None | Alert |
| 2 | Critical | Critical |
| 3 | Critical and Error | Error |
| 4 | Critical, Error, and Warning | Warning |
| 5 | Critical, Error, and Warning | Notice |
| 6 | Critical, Error, Warning, and Informational | Informational |
| 7 | Critical, Error, Warning, and Informational | Debug |

- Filtering by category:
  The following categories can be specified:
  - StartStop
  - Authentication
  - ConfigurationAccess
  - All of the above
For details on how to specify audit log settings, see Setting up the HDLM functions.
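
The following Python check is an added example, not part of the HDLM documentation: it reads syslog.conf text and reports, for the audit log facility and HDLM severity setting in use, any audit levels that no rule captures and any destination that also receives other facilities. The function names, the sample configurations, and the mapping of audit data to syslog level names (read from the severity table above) are assumptions of this example, and only classic syslogd selectors are handled.

```python
# Added example (not HDLM code): check syslog.conf routing for the audit facility.
# Assumes classic syslogd selectors only (no '=' or '!' modifiers, no level aliases).
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "authpriv", "syslog", "lpr",
              "news", "uucp", "cron", "ftp"] + [f"local{i}" for i in range(8)]
# Severity table from the page: HDLM setting -> syslog levels of audit data output.
HDLM_OUTPUT = {0: [], 1: [], 2: ["crit"], 3: ["crit", "err"],
               4: ["crit", "err", "warning"], 5: ["crit", "err", "warning"],
               6: ["crit", "err", "warning", "info"],
               7: ["crit", "err", "warning", "info"]}
# Constructed sample configurations.
GOOD = "*.info;local0.none /var/log/messages\nlocal0.info /usr/local/audlog\n"
BAD = "*.err /var/log/messages\nlocal0.warning /usr/local/audlog\n"

def parse_rules(conf):
    """Return [(selectors, action)]; each selector is [facilities, priority]."""
    rules = []
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            selectors, action = line.split(None, 1)
            rules.append(([s.rsplit(".", 1) for s in selectors.split(";")], action))
    return rules

def rule_matches(selectors, facility, level):
    """'fac.pri' passes pri and anything more severe; a later selector for the
    same facility overrides an earlier one (this is how 'local0.none' excludes)."""
    hit = False
    for facs, pri in selectors:
        if facility in facs.split(",") or "*" in facs.split(","):
            hit = pri != "none" and (pri == "*" or
                                     LEVELS.index(level) <= LEVELS.index(pri))
    return hit

def check_audit_routing(conf, facility, hdlm_severity):
    """Report audit levels no rule captures and destinations other facilities share."""
    rules = parse_rules(conf)
    dests, dropped = [], []
    for level in HDLM_OUTPUT[hdlm_severity]:
        hits = [a for sel, a in rules if rule_matches(sel, facility, level)]
        if not hits:
            dropped.append(level)
        dests += [a for a in hits if a not in dests]
    shared = [a for a in dests if any(
        rule_matches(sel, f, lv) for sel, act in rules if act == a
        for f in FACILITIES if f != facility for lv in LEVELS)]
    return {"destinations": dests, "dropped": dropped, "shared": shared}

if __name__ == "__main__":
    print(check_audit_routing(GOOD, "local0", 6))
    print(check_audit_routing(BAD, "local0", 6))
```

With the constructed `BAD` configuration and severity 6, the result shows Informational audit data reaching no file and Critical and Error audit data also landing in /var/log/messages alongside other facilities.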