> how does everyone open a new Security audit journal ? [...]
I can't speak for everyone. I have a DCL script which I try to
remember to use annually.
> [...] do you have a batch job do it? [...]
I do it manually, in case my (not-well-tested) procedure does
something unexpected.
Use/examine at your own risk:
$! 2014-01-02 SMS.
$!
$! Annual security audit file management.
$!
$! Note:
$! If you omit the file-spec parameter, the Audit Analysis utility
$! (ANALYZE /AUDIT) searches for the default audit log file
$! SECURITY.AUDIT$JOURNAL.
$!
$! The default audit log file is created in the SYS$COMMON:[SYSMGR]
$! directory. To use the file, specify SYS$MANAGER on the ANALYZE
$! /AUDIT command line. If you do not specify a directory, the
$! utility searches for the file in the current directory.
$!
$ year = f$cvtime( f$time(), , "year") ! This year.
$ pyear = year- 1 ! Previous year.
$!
$! Disable auditing.
$!
$ SET AUDIT /SERVER = EXIT
$!
$! Save previous year's audit journal data in SECURITY_pyear.AUDIT$JOURNAL.
$!
$ ANALYZE /AUDIT /BINARY /SINCE = 1-JAN-'pyear' /BEFORE = 1-JAN-'year' -
/OUTPUT = SYS$COMMON:[SYSMGR]SECURITY_'pyear'.AUDIT$JOURNAL -
SYS$MANAGER:SECURITY.AUDIT$JOURNAL
$!
$! Extract current year's SECURITY.AUDIT$JOURNAL data into new
$! SECURITY.AUDIT$JOURNAL.
$!
$ ANALYZE /AUDIT /BINARY /SINCE = 1-JAN-'year' -
/OUTPUT = SYS$COMMON:[SYSMGR]SECURITY.AUDIT$JOURNAL_new -
SYS$MANAGER:SECURITY.AUDIT$JOURNAL
$!
$ RENAME SYS$COMMON:[SYSMGR]SECURITY.AUDIT$JOURNAL_new -
SYS$COMMON:[SYSMGR]SECURITY.AUDIT$JOURNAL;
$!
$! Restart audit server.
$!
$ @ SYS$SYSTEM:STARTUP.COM AUDIT_SERVER
$!
$ write sys$output " Delete SYS$MANAGER:SECURITY.AUDIT$JOURNAL;-1 ?"
$ write sys$output " Compress SYS$MANAGER:SECURITY_''pyear'.AUDIT$JOURNAL ?"
$!
