Determine the amount of audit data (in megabytes) which should be retained in each log file. Edit the file '/etc/audit/auditd.conf'. Add or modify the following line, substituting the correct value for

[6_MB]

The total storage for audit log files must be large enough to retain log information over the period required. This is a function of the maximum log file size and the number of logs retained.