
Re: Audit logs

 
Srinivas_3
Occasional Advisor

Audit logs

Actually my system has Informix running on it. We have converted one of our HPUX 11.0 systems to a trusted system. The same system has Informix 9.21 running on it. Now the audit log shows event type 'kill', event number 37 and owner informix. This message in the audit log repeats every 1 sec. So this fills up the audit log very badly.

Any idea what the event means? Also please point me to the right documentation for audit logs where we can debug the event types etc.

HPUX 11.0
Informix 9.21
L Class
doug hosking
Esteemed Contributor

Re: Audit logs

System call 37 is the 'kill' system call.
(grep -i sys_kill /usr/include/sys/scall_define.h)

While I don't know about the internals of informix, I can make a guess. Using kill(2) with a signal number of 0 is a convenient way of testing non-destructively to see if another process still exists. (See the kill(2) manual page.) I would guess that a process is polling once a second to see if another process has died, and, if so, would restart it or do some similar cleanup.

/usr/include/sys/audit.h has some information on audit record types, but this information is subject to change between releases.
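
The signal-0 liveness probe guessed at in the reply above, as an added example that is not part of the original thread and is not Informix code. The names probe_pid, watch and probe_reaped_child are this example's own; it shows why each poll still reaches the audit trail as a kill system call even though no signal is delivered.

```c
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Probe outcomes; names are this example's own. */
enum probe_result { PROC_ALIVE, PROC_ALIVE_NO_PERM, PROC_GONE, PROC_ERROR };

/* Signal 0 delivers nothing: the kernel only runs the existence and
 * permission checks. It is still a kill() system call, so auditing of
 * kill records one event per probe. */
enum probe_result probe_pid(pid_t pid)
{
    if (pid <= 0)                 /* 0 and negatives address process groups */
        return PROC_ERROR;
    if (kill(pid, 0) == 0)
        return PROC_ALIVE;
    if (errno == EPERM)           /* exists, but owned by another user */
        return PROC_ALIVE_NO_PERM;
    return errno == ESRCH ? PROC_GONE : PROC_ERROR;
}

/* Watchdog-style poll: returns how many kill() calls were issued. */
int watch(pid_t pid, int rounds, unsigned interval_sec)
{
    int probes = 0;
    while (probes < rounds) {
        enum probe_result r = probe_pid(pid);
        probes++;
        if (r == PROC_GONE || r == PROC_ERROR)
            break;                /* a real watchdog would restart here */
        sleep(interval_sec);
    }
    return probes;
}

/* A zombie still answers the probe, so the child is reaped first. */
enum probe_result probe_reaped_child(void)
{
    pid_t child = fork();
    if (child < 0) return PROC_ERROR;
    if (child == 0) _exit(0);
    if (waitpid(child, NULL, 0) != child) return PROC_ERROR;
    return probe_pid(child);
}

int main(void) { printf("%d %d\n", probe_pid(getpid()), watch(getpid(), 3, 1)); return 0; }
```

A once-per-second watch on a long-lived process produces one kill call per second, which matches the repetition rate reported in the question.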

Darren Prior
Honored Contributor

Re: Audit logs

Hi,

If you are not interested in seeing this message then you could consider using audevent to turn off that event. I'd make sure that you know why it's happening first though :)

regards,

Darren.
Calm down. It's only ones and zeros...