- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Audit log file size exceed and audit log rotation
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-05-2020 11:30 PM
08-05-2020 11:30 PM
Audit log file size exceed and audit log rotation
Dear Concern,
I've configured audit in our system. But log size exceed as per defined value. Please assist me to solve this issue.
bash-4.3# audsys
auditing system is currently on
current trail: /var/.audit/audfile1
next trail: /var/.audit/audfile2
statistics- afs Kb used Kb avail % fs Kb used Kb avail %
current trail: 10000 251244 -2411 19267584 2278280 88
next trail: 10000 0 100 19267584 2278280 88
auditing system is actively writing to 1 file(s)
bash-4.3# cat /etc/rc.config.d/auditing |grep -v "#"
AUDITING=0
PRI_AUDFILE=/var/.audit/audfile1
PRI_SWITCH=10000
SEC_AUDFILE=/var/.audit/audfile2
SEC_SWITCH=10000
AUDEVENT_ARGS1=" -P -F -s connect"
AUDEVENT_ARGS2=" -P -f -e create -e delete -e moddac -e removable -e login -e ipcopen -s creat -s chdir -s mknod -s chmod -s chown -s mount -s umount -s kill -s reboot -s execve -s swapon -s rename -s mkdir -s rmdir -s accept -s shutdown -s acl -s umount2"
AUDEVENT_ARGS3=""
AUDEVENT_ARGS4=" -p -f -s .audit_ctl -s .audit_tag_ctl -s .cachefsstat -s .cell_olstar_backout -s .cell_olstar_lock -s .cell_olstar_operate -s .cell_olstar_specify -s .cell_olstar_unlock -s .chmod_link -s .cmpt_rules -s .file_sec_ctl -s .gang_sched_ctl -s .kernel_module_ctl -s .mrgctl -s .p2p_bcopy_ctl -s .perf_ctl -s .perf_tool_ctl -s .postwait_ctl -s .priv_grp_ctl -s .proc_mgmt_ctl -s .proc_sec_ctl -s .processor_ctl -s .procsm_setop -s .sendfile_by_name -s .set_sys_info -s .setaudevent -s .setmemwindow -s __pset_rtctl -s access -s acct -s adjtime -s audctl -s audswitch -s bind -s chroot -s clock_settime -s close -s execv -s exit -s fattach -s fchdir -s fchmod -s fchown -s fcntl -s fdetach -s fork -s fsetacl -s fstat -s fstat64 -s ftruncate -s ftruncate64 -s getaccess -s getksym -s lchown -s link -s lockf -s lockf64 -s lstat -s lstat64 -s mlock -s mlockall -s mmap -s mmap64 -s modload -s modpath -s modstat -s moduload -s mpctl -s mq_close -s mq_open -s mq_unlink -s msgctl -s msgget -s munlock -s munlockall -s munmap -s open -s pipe -s plock -s pset_assign -s pset_bind -s pset_create -s pset_ctl -s pset_destroy -s pset_setattr -s ptrace -s recv -s recvfrom -s recvmsg -s rtprio -s sched_setparam -s sched_setscheduler -s sem_close -s sem_open -s sem_unlink -s semctl -s semget -s semop -s semtimedop -s send -s sendfile -s sendfile64 -s sendmsg -s sendto -s serialize -s setacl -s setaudid -s setaudproc -s setdomainname -s setevent -s setgid -s setgroups -s setpgid -s setpgrp -s setpgrp3 -s setpriority -s setregid -s setresgid -s setresuid -s setrlimit -s setrlimit64 -s setsockopt -s settimeofday -s settune -s setuid -s shm_open -s shm_unlink -s shmat -s shmctl -s shmdt -s shmget -s sigqueue -s socket -s socketpair -s stat -s stat64 -s stime -s swapctl -s symlink -s truncate -s truncate64 -s ttrace -s ulimit -s umask -s unlink -s vfork -s vfsmount"
AUDOMON_ARGS=" -p 20 -t 1 -w 90"
bash-4.3#
In addition, assist me to log rotate procedure for audit logs like it will keep only last 2 months data.
Thanks
Kauser
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-06-2020 07:46 PM
08-06-2020 07:46 PM
Re: Audit log file size exceed and audit log rotation
Hi,
When the current trail exceeds a predefined capacity (its Audit File Switch (AFS) size), or when the auditing file system on which it resides approaches a predefined capacity (its File Space Switch (FSS) size), the auditing subsystem issues a warning. When either the AFS or the FSS of the current audit trail is reached, the auditing subsystem looks for an auxiliary trail. If one is available, the recording is switched to the auxiliary trail. If no auxiliary trail is specified, the auditing subsystem creates a new audit trail with the same base name but a different timestamp extension and begin recording to it. Audomon also takes a command line to run after a successful audit trail switch to process the last audit trail.
Depending on site-specific needs, the processing may involve data backup, archival, moving off-site, cleaning up or data reporting. If auto-switch is unsuccessful, warning messages are sent to request appropriate administrator action and the current audit trail continues to grow.
for log rotate, you would need to write a script and schedule in cron for getting it rotated , or you can use this open source product from the below site
http://hpux.connect.org.uk/hppd/hpux/Sysadmin/logrotate-3.12.3/
Thanks.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-08-2020 09:26 PM
08-08-2020 09:26 PM
Re: Audit log file size exceed and audit log rotation
Hi,
In our case, AFS size is already exceed but still audit file is growing. Please share us a solution to resolve the issue.
With Best Regards,
Md. Abdullah-Al Kauser