Audit Focus
The information in the audit log can quickly grow in volume. You can achieve maximum benefit of security auditing by focusing the audit information produced by the system.
Security auditing has an impact on resource consumption. Audit records are recorded in a shared buffer before being written to the audit page and then to the log file. The performance impact of security auditing should be tested thoroughly before implementation.
Focusing the audit information both reduces resource consumption and makes it easier to examine the logs for possible security infringements.
The coarse and fine selection criteria can be used together to create a suitable security-auditing environment that meets the needs of any security administrator.