− libaudit configuration file
/etc/libaudit.conf contains configuration information
for user space applications that link to libaudit. The
applications are responsible for querrying the settings in
this file and obeying the admin’s preferences. This
file contains one configuration keyword per line, an equal
sign, and then followed by appropriate configuration
information. The keywords recognized are:
failure_action. These keywords are described below.
This keyword specifies what
action the admin wishes a user space application to take
when there is a failure to send an audit event to the
kernel. The possible values are: IGNORE
- meaning do nothing, LOG - write to syslog the
inability to send an audit event, and TERMINATE - the
user space application should exit.