Use the NSS audit log messages commands to enable or disable messages via Lightweight Auditing Framework (LAF) for NSS trustee changes for NSS volumes on OES 2 and later. When it is enabled, NSS reports changes for the following subset of NSS events:
Adding trustees (AddTrustee)
Removing trustees (RemoveTrustee)
Setting the inherited rights mask (SetInheritedRightsMask)
The messages are stored in the/var/log/audit/audit.log file. For information about the content and format of messages in the log, see Section 20.4.1, Understanding NSS Audit Log Messages.
Enable or disable the generation of audit messages via Lightweight Auditing Framework for NSS trustee changes for NSS volumes.
After you enable the audit log messages, the setting persists until the server reboot. After a server reboot, the audit log is disabled again by default. To make the command persist across reboots, add it to the /etc/opt/novell/nss/nssstart.cfg file.
To have the setting persist across reboots, add it to the /etc/opt/novell/nss/nssstart.cfg file.
Default: Off (disabled)
Values: On or Off
Examples
To enable NSS audit messages, enter the following at the nsscon prompt:
nss /LAFAuditTrustee
To disable NSS audit messages, enter the following at the nsscon prompt:
nss /NoLAFAuditTrustee