A typical audit log file on my system is shown in Listing 1; it shows the trail record as well.
The stream mode is my personal choice, because it offers real-time viewing of audit events due to the audit log file being written to in text mode.
Thus, if the filesystem that contains the audit log files fills up, it still continues to write events to the beginning of the log file.