Auditing trail logs exceeds threshold limit

Chandra441 · ‎09-17-2018

Hi All,

I am using HPUX 11iV3 ia64.

In /etc/rc.config.d/auditing the following are the parameters specified

PRI_AUDFILE=/var/opt/audit/audtrail
PRI_SWITCH=1000
SEC_AUDFILE=*
SEC_SWITCH=0

AUDEVENT_ARGS1="-P -F -r basic"
AUDEVENT_ARGS2=""
AUDEVENT_ARGS3=""
AUDEVENT_ARGS4=""

AUDOMON_ARGS="-p 20 -t 1 -w 90"

when auditing is enabled the the audit trails logs are getting generated at /var/opt/audit/ location.

1. But when the audit trail log reaches 1000 it should get switched to next trail log automatically but in my case this is not happening.

Sometimes the audit size will 1064Kb, 1020Kb but sometimes the growth of log file is big it extends to 32654Kb , 29643Kb...

Why this is happening and how to set each trail log only to 1000kb.

2. How to reduce the frequency of creating audit trail logs.

means how to set auditing should get collected only once in one hour.

The below is the sample audsys output

# audsys
auditing system is currently on
current trail: /var/opt/audit/audtrail.20180917_1204
next trail: none
statistics- afs Kb used Kb avail % fs Kb used Kb avail %
current trail: 1000 26073 -2506 20480000 2463060 88
next trail: none

auditing system is actively writing to 1 file(s)

Please help :)

NayakSandeep · ‎11-21-2018

If the system is HPUX 11.31, Check if the system has this patch.

PHCO_44718 11.31 audcmnds cumulative patch

UNIQX

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Auditing trail logs exceeds threshold limit

Auditing trail logs exceeds threshold limit

Re: Auditing trail logs exceeds threshold limit