Auditing macOS


Configure auditing

1. Open the terminal

2. Open this file as root: /etc/security/audit_control

3. Make sure ‘flags’ contains these parameters: ‘fw, fd, fa, fm, fc, cl’

4. Make sure ‘filesz’ is set to ‘20M’

5. Make sure ‘expire-after’ is set to ‘100M’

6. Save and close the file

7. Run this command to apply the settings: “audit -s”
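
The settings from steps 3 to 5 can be verified with a short script. This is an added example, not part of the original page: the function names are hypothetical, the sample file is constructed, and only unprefixed class names are counted as present.

```shell
#!/bin/sh
# Added example: compare an audit_control file with the values from steps 3-5.
# Function names are hypothetical; required values are the ones the page lists.
REQUIRED_FLAGS="fw fd fa fm fc cl"
REQUIRED_FILESZ="20M"
REQUIRED_EXPIRE="100M"

# Print the value of KEY ($2) from FILE ($1), ignoring '#' comments and spaces.
# Assumption: if a key appears more than once, the last line is the one checked.
ac_value() {
    sed -n -e 's/[[:space:]]*#.*$//' -e "s/^[[:space:]]*$2:[[:space:]]*//p" "$1" |
        tail -n 1 | tr -d '[:space:]'
}

# Print one line per deviation; return 0 only when every setting matches.
check_audit_control() {
    file=$1
    rc=0
    [ -r "$file" ] || { echo "UNREADABLE $file"; return 2; }
    flags=$(ac_value "$file" flags)
    for want in $REQUIRED_FLAGS; do
        case ",$flags," in
            *",$want,"*) ;;   # class present without a +/-/^ prefix
            *) echo "MISSING flag $want"; rc=1 ;;
        esac
    done
    filesz=$(ac_value "$file" filesz)
    [ "$filesz" = "$REQUIRED_FILESZ" ] ||
        { echo "MISMATCH filesz=${filesz:-unset} (want $REQUIRED_FILESZ)"; rc=1; }
    expire=$(ac_value "$file" expire-after)
    [ "$expire" = "$REQUIRED_EXPIRE" ] ||
        { echo "MISMATCH expire-after=${expire:-unset} (want $REQUIRED_EXPIRE)"; rc=1; }
    return $rc
}

# Constructed sample (not from a real host): fc and cl are missing, sizes are low.
sample=$(mktemp)
cat > "$sample" <<'EOF'
dir:/var/audit
#flags:fw,fd,fa,fm,fc,cl
flags:lo,aa,fw,fd,fa,fm
filesz:2M
expire-after:10M
EOF
check_audit_control "$sample" || echo "sample does not match the required settings"
rm -f "$sample"
```

To check the live file, call `check_audit_control /etc/security/audit_control` as root.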


Example:


More info here: https://www.freebsd.org/cgi/man.cgi?query=audit_control&sektion=5&n=1