cancel
Showing results for 
Search instead for 
Did you mean: 

Console and Syslog Message

SOLVED
Go to solution
Angela L. Shepherd_1
Occasional Advisor

Console and Syslog Message

Receiving the following Console message:
Audomon: Cannot stat the current audit file system.

Receiving the following message under /var/adm/syslog/messages:

The current audit file is switched from /usr45/audsys/af.dpas03.20001107105703
to /usr45/audsys/af.dpas03.20001107105704.
Notify the security officer to specify a backup.
No next (backup) audit file.


1 REPLY
Elizabeth_2
Valued Contributor
Solution

Re: Console and Syslog Message


Fix the problem by using the following steps:

1. audsys

The auditing system is currently on.
Current file: /secure/etc/audfile1.
Next file: /secure/etc/audfile2.
Statistics- afs Kb used Kb avail % fs Kb used Kb avail %
current file 1039 0 0 83733 16501 0
next file 1039 0 0 83733 16501 0

cd /secure/etc
ls
audfile1 audfile2 audname

2. Stay in the /secure/etc directory and execute:

touch audfile3
touch audfile4

audsys -c audfile3 -s 1039 -x audfile4 -z 1039

audsys

Current file: /secure/etc/audfile3.
Next file: /secure/etc/audfile4.
Statistics- afs Kb used Kb avail % fs Kb used Kb avail %
current file 1039 0 100 83733 16501 80
next file 1039 0 100 83733 16501 80

3. After reviewing the contents, issue the following commands:

cat /dev/null > audfile1
cat /dev/null > audfile2

4. Use the following command to set it back to the original files:

audsys -c audfile1 -s 1039 -x audfile2 -z 1039