Sizing the audit queue

The size of the audit queue can be set by a System Security Officer. The default configuration is as follows:

There are trade-offs in sizing the audit queue, as shown in Figure 15-5.

A large audit queue keeps user processes from having to sleep, but any audit records still held in memory are lost if the system fails. The maximum number of records that can be lost is the maximum number of records that can be stored in the audit queue.

If security is your chief concern, keep the queue small. If you can risk the loss of more audit records, and you require high performance, make the queue larger.

Increasing the size of the in-memory audit queue takes memory from the total memory allocated to the data cache.

Figure 15-5: Trade-offs in auditing and performance