audomon -X option

Mauro Gatti · ‎11-05-2008

Hi all,
can you confirm that -X option in audomon command is available only from HP-UX 11i v3 and later?
Does it mean taht you have to manually manage audfile in previous version of HP-UX?

Thank you

Regards

Mauro

Ubi maior, minor cessat!

VK2COT · ‎11-05-2008

Hello,

To the best of my knowledge, HP-UX 11.31 has that new flag for audomon(1M):

/usr/sbin/audomon [-p fss] [-t sp_freq]
[-w warning] [-v] [-o output_tty] [-X string]

If you have on-line manuals, you could find the following example:

# audomon -p 20 -t 1 -w 90 -X "/usr/local/bin/rcp_audit_trail hostname"

This starts audomon daemon with the
following expected behaviors, assuming
auditing system was started using

# audsys -n -c /var/.audit/my_trail -s 1000

â ¢ audomon sleeps at least 1 minute at
intervals;
â ¢ When the size of current audit trail
reaches 1000 * 90% = 900 kbytes, or the file
system that contains the current audit trail
has reached (100%-20%) * 90% = 72% full,
audomon will start printing out warning
messages to the console;
â ¢ When the size of current audit trail
reaches 1000 kbytes, or the file system that
contains the current audit trail has reached
100% - 20% = 80% full, audomon will switch
recording data to:
/var/.audid/my_trail.yyyymmddHHMM,
where yyyymmddHHMM is replaced by the time
when the switch has happened;
â ¢ After the switch succeeded, audomon will
invoke:

sh -c "/usr/local/bin/rcp_audit_trail
hostname /var/.audit/my_trail"

to copy /var/.audit/my_trail to a remote
system assuming that is what the given script
intends to do.

Cheers,

VK2COT

VK2COT - Dusan Baljevic

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

audomon -X option

audomon -X option

Re: audomon -X option