
file system filled with auditing files

Hello,

I am a newbie in Unix and I enabled auditing on my HP-UX box, and now I can see a lot of audit files with different timestamps.

Following is the config in "/etc/rc.config.d/auditing":

 

PRI_AUDFILE=/var/.audit/audtrail
PRI_SWITCH=1000
SEC_AUDFILE=*
SEC_SWITCH=0

AUDEVENT_ARGS1="-P -F -r basic"
AUDEVENT_ARGS2=""
AUDEVENT_ARGS3=""
AUDEVENT_ARGS4=""

AUDOMON_ARGS="-p 20 -t 1 -w 90"

 

I just came to know that since I didn't specify SEC_AUDFILE, the auditing files are getting switched when they reach the switch point (100KB), with the same name but with a timestamp appended.

Please suggest how to define an action using the -X option.

I want to have only 2 files: one old backup file and one current file (single backup file).

i.e. if the primary file reaches the switch point then it should go to the secondary file, and after the secondary gets filled the older backup should get deleted and the secondary file should become the backup.

I can change the switch point to a higher value, no issues.

Quick help will be appreciated.

 

Regards

Abhishek J
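
One way to get the retention asked for above, as an added example that is not part of the original post: a POSIX shell function that keeps the two newest entries sharing the PRI_AUDFILE prefix (the current trail plus one backup) and removes anything older. It assumes switched trails carry a timestamp suffix as the post describes; the `--prune` dispatch and whatever script path is used to call it from the `-X` action are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumption: switched trails are named <PRI_AUDFILE><timestamp suffix>,
# as the post describes, and trail names contain no whitespace.

# prune_trails BASE [KEEP]
#   BASE: absolute trail path prefix, e.g. /var/.audit/audtrail
#   KEEP: newest entries to retain (default 2: current trail + 1 backup)
# Prints each removed path on its own line.
prune_trails() {
    base=$1
    keep=${2:-2}
    case $base in
        */) echo "prune_trails: BASE must not end in /" >&2; return 2 ;;
        /*) ;;                                   # absolute prefix: accepted
        *)  echo "prune_trails: BASE must be absolute" >&2; return 2 ;;
    esac
    case $keep in
        ''|*[!0-9]*) echo "prune_trails: KEEP must be a number" >&2; return 2 ;;
    esac
    # Never allow KEEP=0, which would delete the trail being written.
    [ "$keep" -ge 1 ] || { echo "prune_trails: KEEP must be >= 1" >&2; return 2; }

    # ls -t sorts newest first by modification time, so the trail currently
    # being written comes first. -d lists a directory entry itself rather
    # than its contents. awk passes through everything after the first KEEP.
    ls -1dt "$base"* 2>/dev/null | awk -v k="$keep" 'NR > k' |
    while IFS= read -r old; do
        rm -rf "$old" && printf '%s\n' "$old"
    done
}

# Hypothetical dispatch so the same file can be used as the switch action:
#   <script> --prune /var/.audit/audtrail
# Arguments after the prefix are ignored.
if [ "${1:-}" = "--prune" ]; then
    prune_trails "$2"
fi
```

Because selection is by prefix and modification time, files in the same directory that do not start with the trail prefix are left alone.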