Chapter 5. Understanding Auditing

This chapter describes the system audit trail for the user. There is no interface to allow users to alter or read the audit trail; it is accessible only to the system administrator or auditor. This chapter explains what is happening within the audit system and how it applies to the ordinary user.

System Audit Trail

The system audit trail (SAT) is a subsystem that allows the site administrator to make a record of all system activity. The ongoing record of system activity shows general trends in system usage and also reveals violations of the security policy. The site administrators can monitor all system activity through the audit trail. Many different types of activity take place on a trusted computer system: login attempts, file manipulations, use of devices (such as printers and tape drives), and administrative activity. All of these activities can be logged and reviewed through the system audit trail.

It is vitally important to remember that the system audit trail does not exist to allow users to spy on one another, nor does it exist as a mechanism to entrap users. It exists as a means to locate intentional violations of security policy.

Most audit records are generated in the course of normal work. Even records with ominous-sounding names, such as sat_access_denied, are generated in the course of ordinary activities. Your auditor does not spy on your system activity; he or she guards against an outsider attempting to damage your work.

You do not need to take any action regarding the audit trail. It is maintained by the system and by the auditor at your site. The auditing process is completely transparent to the user.