HPE Community
Operating System - HP-UX
1753300 Members
7560 Online
108792 Solutions
New Discussion юеВ

audit file switch

 
Lev Assinovsky
Frequent Advisor

тАО06-17-2004 10:03 PM

тАО06-17-2004 10:03 PM

audit file switch

Hi everybody!

Does anybody know what does audit do if even
"backup" file is full?
Thanks.
0 Kudos
Reply
2 REPLIES 2
Joseph Loo
Honored Contributor

тАО06-17-2004 10:39 PM

тАО06-17-2004 10:39 PM

Re: audit file switch

hi,

not quite sure i understand. audit has only "current" and "next" audit file set. as soon as "current" file has reach its stated size, "next" file will take over and grow past the stated size till u have stop auditing, i.e. audsys -f, and either migrate the 2 files to another location or delete them.

hope i answer your question.

regards.
what you do not see does not mean you should not believe
0 Kudos
Reply
Sridhar Bhaskarla
Honored Contributor

тАО06-18-2004 01:30 AM

тАО06-18-2004 01:30 AM

Re: audit file switch

Hi,

It will not switch back to primary file. And it's really bad if auditing subsystem is not able to write to the log files. It will slow down the system.

Have a script in place that will check the sizes of the log files and switch them manually. 'audsys' without any options gives you how the files are used. Periodically archive the audit logs. Run cron every hour or so, set the current file to backup file using 'audsys -c ' command, archive the primary file, set it as the current file, archive the backupfile and set it as the next file.

Look at audsys command for usage information.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.