Simpler Navigation coming for Servers and Operating Systems
Coming soon: a much simpler Servers and Operating Systems section of the Community. We will combine many of the older boards, and you won't have to click through so many levels to get at the information you need. If you are looking for an older board and do not find it, check the consolidated boards, as the posts are still there.
cancel
Showing results for 
Search instead for 
Did you mean: 

Console and Syslog Message

SOLVED
Go to solution
Angela L. Shepherd_1
Occasional Advisor

Console and Syslog Message

Receiving the following Console message:
Audomon: Cannot stat the current audit file system.

Receiving the following message under /var/adm/syslog/messages:

The current audit file is switched from /usr45/audsys/af.dpas03.20001107105703
to /usr45/audsys/af.dpas03.20001107105704.
Notify the security officer to specify a backup.
No next (backup) audit file.


1 REPLY
Elizabeth_2
Valued Contributor
Solution

Re: Console and Syslog Message


Fix the problem by using the following steps:

1. audsys

The auditing system is currently on.
Current file: /secure/etc/audfile1.
Next file: /secure/etc/audfile2.
Statistics- afs Kb used Kb avail % fs Kb used Kb avail %
current file 1039 0 0 83733 16501 0
next file 1039 0 0 83733 16501 0

cd /secure/etc
ls
audfile1 audfile2 audname

2. Stay in the /secure/etc directory and execute:

touch audfile3
touch audfile4

audsys -c audfile3 -s 1039 -x audfile4 -z 1039

audsys

Current file: /secure/etc/audfile3.
Next file: /secure/etc/audfile4.
Statistics- afs Kb used Kb avail % fs Kb used Kb avail %
current file 1039 0 100 83733 16501 80
next file 1039 0 100 83733 16501 80

3. After reviewing the contents, issue the following commands:

cat /dev/null > audfile1
cat /dev/null > audfile2

4. Use the following command to set it back to the original files:

audsys -c audfile1 -s 1039 -x audfile2 -z 1039