Hello,
To the best of my knowledge, HP-UX 11.31 has that new flag for audomon(1M):
/usr/sbin/audomon [-p fss] [-t sp_freq]
[-w warning] [-v] [-o output_tty] [-X string]
If you have on-line manuals, you could find the following example:
# audomon -p 20 -t 1 -w 90 -X "/usr/local/bin/rcp_audit_trail hostname"
This starts audomon daemon with the
following expected behaviors, assuming
auditing system was started using
# audsys -n -c /var/.audit/my_trail -s 1000
â ¢ audomon sleeps at least 1 minute at
intervals;
â ¢ When the size of current audit trail
reaches 1000 * 90% = 900 kbytes, or the file
system that contains the current audit trail
has reached (100%-20%) * 90% = 72% full,
audomon will start printing out warning
messages to the console;
â ¢ When the size of current audit trail
reaches 1000 kbytes, or the file system that
contains the current audit trail has reached
100% - 20% = 80% full, audomon will switch
recording data to:
/var/.audid/my_trail.yyyymmddHHMM,
where yyyymmddHHMM is replaced by the time
when the switch has happened;
â ¢ After the switch succeeded, audomon will
invoke:
sh -c "/usr/local/bin/rcp_audit_trail
hostname /var/.audit/my_trail"
to copy /var/.audit/my_trail to a remote
system assuming that is what the given script
intends to do.
Cheers,
VK2COT
VK2COT - Dusan Baljevic
