https://community.hpe.com/t5/operating-system-hp-ux/audomon-x-option/m-p/4300711#M734473 Hello,<BR /><BR />To the best of my knowledge, HP-UX 11.31 has that new flag for audomon(1M):<BR /><BR />/usr/sbin/audomon [-p fss] [-t sp_freq]<BR />[-w warning] [-v] [-o output_tty] [-X string]<BR /><BR />If you have on-line manuals, you could find the following example:<BR /><BR /># audomon -p 20 -t 1 -w 90 -X "/usr/local/bin/rcp_audit_trail hostname"<BR /> <BR />This starts audomon daemon with the <BR />following expected behaviors, assuming <BR />auditing system was started using<BR /><BR /># audsys -n -c /var/.audit/my_trail -s 1000<BR /> <BR /> â ¢ audomon sleeps at least 1 minute at<BR />intervals;<BR /> â ¢ When the size of current audit trail<BR />reaches 1000 * 90% = 900 kbytes, or the file<BR />system that contains the current audit trail<BR />has reached (100%-20%) * 90% = 72% full,<BR />audomon will start printing out warning<BR />messages to the console;<BR /> â ¢ When the size of current audit trail<BR />reaches 1000 kbytes, or the file system that<BR />contains the current audit trail has reached<BR />100% - 20% = 80% full, audomon will switch<BR />recording data to:<BR />/var/.audid/my_trail.yyyymmddHHMM, <BR />where yyyymmddHHMM is replaced by the time<BR />when the switch has happened;<BR /> â ¢ After the switch succeeded, audomon will<BR />invoke:<BR /><BR />sh -c "/usr/local/bin/rcp_audit_trail<BR />hostname /var/.audit/my_trail"<BR /> <BR />to copy /var/.audit/my_trail to a remote<BR />system assuming that is what the given script<BR />intends to do.<BR /><BR />Cheers,<BR /><BR />VK2COT Wed, 05 Nov 2008 10:05:26 GMT VK2COT 2008-11-05T10:05:26Z https://community.hpe.com/t5/operating-system-hp-ux/audomon-x-option/m-p/4300710#M734472 Hi all,<BR />can you confirm that -X option in audomon command is available only from HP-UX 11i v3 and later?<BR />Does it mean taht you have to manually manage audfile in previous version of HP-UX?<BR /><BR />Thank you<BR /><BR />Regards<BR /><BR />Mauro<BR /> Wed, 05 Nov 2008 09:45:12 GMT https://community.hpe.com/t5/operating-system-hp-ux/audomon-x-option/m-p/4300710#M734472 Mauro Gatti 2008-11-05T09:45:12Z https://community.hpe.com/t5/operating-system-hp-ux/audomon-x-option/m-p/4300711#M734473 Hello,<BR /><BR />To the best of my knowledge, HP-UX 11.31 has that new flag for audomon(1M):<BR /><BR />/usr/sbin/audomon [-p fss] [-t sp_freq]<BR />[-w warning] [-v] [-o output_tty] [-X string]<BR /><BR />If you have on-line manuals, you could find the following example:<BR /><BR /># audomon -p 20 -t 1 -w 90 -X "/usr/local/bin/rcp_audit_trail hostname"<BR /> <BR />This starts audomon daemon with the <BR />following expected behaviors, assuming <BR />auditing system was started using<BR /><BR /># audsys -n -c /var/.audit/my_trail -s 1000<BR /> <BR /> â ¢ audomon sleeps at least 1 minute at<BR />intervals;<BR /> â ¢ When the size of current audit trail<BR />reaches 1000 * 90% = 900 kbytes, or the file<BR />system that contains the current audit trail<BR />has reached (100%-20%) * 90% = 72% full,<BR />audomon will start printing out warning<BR />messages to the console;<BR /> â ¢ When the size of current audit trail<BR />reaches 1000 kbytes, or the file system that<BR />contains the current audit trail has reached<BR />100% - 20% = 80% full, audomon will switch<BR />recording data to:<BR />/var/.audid/my_trail.yyyymmddHHMM, <BR />where yyyymmddHHMM is replaced by the time<BR />when the switch has happened;<BR /> â ¢ After the switch succeeded, audomon will<BR />invoke:<BR /><BR />sh -c "/usr/local/bin/rcp_audit_trail<BR />hostname /var/.audit/my_trail"<BR /> <BR />to copy /var/.audit/my_trail to a remote<BR />system assuming that is what the given script<BR />intends to do.<BR /><BR />Cheers,<BR /><BR />VK2COT Wed, 05 Nov 2008 10:05:26 GMT https://community.hpe.com/t5/operating-system-hp-ux/audomon-x-option/m-p/4300711#M734473 VK2COT 2008-11-05T10:05:26Z