Operating System - OpenVMS

Merge Multiple SECURITY.AUDIT$JOURNAL files?

Edwin R. van der Kaaij
Frequent Advisor

Merge Multiple SECURITY.AUDIT$JOURNAL files?

Hello All,

Is it possible to flawlessly merge multiple security audit logfiles into one?

Then place that resulting file in sys$manager and start security auditing to start adding events to it?

Thanks in advance, Ed.
5 REPLIES
Karl Rohwedder
Honored Contributor
Solution

Re: Merge Multiple SECURITY.AUDIT$JOURNAL files?

I think a plain
$ convert file1+file2+filen new
should do.


regards Kalle
Edwin R. van der Kaaij
Frequent Advisor

Re: Merge Multiple SECURITY.AUDIT$JOURNAL files?

hmmm, that simple. let me try :o)
Ian Miller.
Honored Contributor

Re: Merge Multiple SECURITY.AUDIT$JOURNAL files?

Why?
you can generate reports from multiple files.
____________________
Purely Personal Opinion
Edwin R. van der Kaaij
Frequent Advisor

Re: Merge Multiple SECURITY.AUDIT$JOURNAL files?

thanks guys, I had just lost total focus. the convert works fine. multiple input files did not work in our situation :o)
Hein van den Heuvel
Honored Contributor

Re: Merge Multiple SECURITY.AUDIT$JOURNAL files?

Ed, that sounds counter-stream.
It is 'nice' to be able to cut up the log in date-ranged sections. This allows you to put away older sections. It allows you to mark the really old files as no-backup and make sure only the last one is caught with incremental backups.

As Ian indicates, why not just report from multiple files.

The security journal is a simple variable length record file. However, it does have a header record, pointing back to the prior file, and a closing record, pointing on to the next file.

So for a proper concatenation you probably should remove those.

So I would try:

$ type tmp%.txt
TMP1.TXT;1 ! Keep 1, skip last
aap
noot
next
TMP2.TXT;1 ! Skip 1 and last
prior
mies
teun
TMP3.TXT;1 ! Skip 1 keep last (still open)
prio
vuur
$ perl -ne "print $rec if ($. > 1); $rec = $_" tmp1.txt > tmp.txt
$ perl -ne "print $rec if ($. > 2); $rec = $_" tmp2.txt >> tmp.txt
$ perl -ne "print $_ if ($. > 1)" tmp3.txt >> tmp.txt
$ type tmp.txt
aap
noot
mies
vuur


I would also be tempted to dump and analyze those first and last records to recognize them properly instead of expecting them to be there or not.

Groetjes,
Hein.
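
The three one-liners in the post above, generalised to any number of journal segments, as an added example that is not part of the original thread. It is written in Perl like the post, treats each read as one record as the one-liners do, and only checks record counts because the thread does not give the link-record layout; the sub names are illustrative.

```perl
#!/usr/bin/perl
# Added example, not from the thread. Pass segments oldest first.
use strict;
use warnings;

# Trim one segment according to its position in the chain:
#   first  : keep first record, drop last (link to next file)
#   middle : drop first (link to prior file) and last
#   last   : drop first, keep last (file may still be open)
# A lone segment is returned unchanged.
sub trim_segment {
    my ($records, $index, $count) = @_;
    my @r = @$records;
    my $drop_first = $index > 0          ? 1 : 0;
    my $drop_last  = $index < $count - 1 ? 1 : 0;
    # Count check only: the link records are not recognised by content.
    die sprintf("segment %d has %d record(s), cannot drop %d\n",
                $index + 1, scalar @r, $drop_first + $drop_last)
        if @r < $drop_first + $drop_last;
    shift @r if $drop_first;
    pop @r   if $drop_last;
    return @r;
}

sub merge_segments {
    my @segments = @_;    # array refs of records, oldest first
    my @out;
    push @out, trim_segment($segments[$_], $_, scalar @segments)
        for 0 .. $#segments;
    return @out;
}

sub read_records {
    my ($path) = @_;
    open my $fh, '<', $path or die "cannot open $path: $!\n";
    my @r = <$fh>;        # one record per read, as in the one-liners
    close $fh;
    return \@r;
}

# With file arguments, merge them; without, run the sample from the post.
my @input = @ARGV
    ? map { read_records($_) } @ARGV
    : (["aap\n", "noot\n", "next\n"],
       ["prior\n", "mies\n", "teun\n"],
       ["prio\n", "vuur\n"]);
my @merged = merge_segments(@input);
print @merged;
```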