HPE Community
Operating System - HP-UX
1832262 Members
2286 Online
110041 Solutions
New Discussion

Audit messages filling up system console

 
SOLVED
Go to solution
Wojciech Furmankiewicz_1
Occasional Contributor

‎04-16-2005 10:42 AM

‎04-16-2005 10:42 AM

Audit messages filling up system console

Hello,

I have a lot of useless messages filling up the system console every 10 seconds saying:
there is 70% space left on audit filesystem
The space tresholds are set to defaults (audomon command).
Does anybody know how to stop the messages ?

Thanks in advance for your help.
Wojtek
0 Kudos
Reply
3 REPLIES 3
Steven E. Protter
Exalted Contributor

‎04-16-2005 05:38 PM

‎04-16-2005 05:38 PM

Solution

Re: Audit messages filling up system console

You have not set your system up to care whether there is 70% or 5% on the filesystem the audit files are in.

These messages are triggered because the audit file size you have set in the configuration is approaching full size or exceeding the maximum you set.

In /etc/.secure

You have a configuration file that will let you change the size of the files. Since you seem to have plenty of space, I suggest you choose a larger filesize and then the messages will stop going to the kernel.

Having cron copy and clear the files once in a while will also stop the console messages.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
Bill Hassell
Honored Contributor

‎04-17-2005 01:05 PM

‎04-17-2005 01:05 PM

Re: Audit messages filling up system console

When you turn on auditing, it is very easy to create MASSIVELY large logfiles. The audit system default location is the / (root) filesystem, the WORST place ever for fast-growing logfiles. The program which is producing the messages in syslog is called audomon. Read the man page for audomon and audsys and then select a location in /var where there is enough space. Change the default file location for audsys as well as the size. You should not get the warning message once the location and size for switching are reasonable.

Note that it is very easy to audit so many events at the same time that our system will perform much slower and the logfiles may be hundreds of megs in just a day or two.


Bill Hassell, sysadmin
Reply
Timothy Sullivan
Member

‎03-22-2006 08:55 AM

‎03-22-2006 08:55 AM

Re: Audit messages filling up system console

Just a minor clarification on Steven's post above (from 11 months ago!)

In hp-ux 11.11, the default location where the audit files will live and grow is /.secure/etc/ and not /etc/.secure/

I just had this issue occur on a brand new box I set up today. I ran Bastille and asked Bastille to turn auditing on as part of its configuration process.

When I returned from lunch, I found /dev/root full. The auditing system was the cause.

I temporarily turned off auditing using the command: audsys -f

Then, in /.secure/etc/ I deleted these two files:
audfile1
audfile2

Now, I'll reconfigure the auditing system so that it does not do this again.

Tim
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.