HPE Community
Operating System - HP-UX
1826496 Members
2803 Online
109692 Solutions
New Discussion

Re: disk space for auditing data in C2 Trusted System

 
SOLVED
Go to solution
Victor_5
Trusted Contributor

‎05-10-2002 07:20 AM

‎05-10-2002 07:20 AM

disk space for auditing data in C2 Trusted System

I was told for auditing data in C2 Trusted System, we do need enough disk space for those event logs, I know it is depends on the system size, the amount of system activity and the number of events, etc.

My question is, if I turn on all the events, for a large environment, what is the max or average space we need? Please tell me the details of the environment(size, events no.,...) when you give me the amount of space, thanks.

0 Kudos
Reply
4 REPLIES 4
Christopher McCray_1
Honored Contributor

‎05-10-2002 07:29 AM

‎05-10-2002 07:29 AM

Solution

Re: disk space for auditing data in C2 Trusted System

Hello, Victor.

We have a good deal of auditing we need to perform as well. Although we don't turn all events on, we have about 90% of them on. What we have done was as a minimum created a 1GB filesystem called /audit to dump our files. We then implemented as script launched in cron to monitor and switch the files as needed. The fast answer is for all events, it depends on the application and the amount of users you have that will trigger all those events by doing their work. Some of my servers, /audit is upward of 3Gb and we still have to pay attention to it's filling up. I've attached my script for you to look at.

Hope this helps

Chris
It wasn't me!!!!
Reply
Victor_5
Trusted Contributor

‎05-10-2002 07:53 AM

‎05-10-2002 07:53 AM

Re: disk space for auditing data in C2 Trusted System

Cool, thanks a lot, Christopher! More input?
0 Kudos
Reply
Christopher McCray_1
Honored Contributor

‎05-10-2002 09:03 AM

‎05-10-2002 09:03 AM

Re: disk space for auditing data in C2 Trusted System

Hello again,

My environment is 38 HP-UX servers (I, L, K, N, V and rp class). They are not part of one large environment, rather broken up into groups of two, three, or more depending on the project. I run Oracle, Netscape Enteprise and Directory server, MQSeries, etc. The number of users vary from project to project, from approx. 60-70 to over 11,000. Most of my customers connect through the web rather than directly via our NT front end. Another note is that depnding on whether you are hosting sound applications that are well developed and executed, or if you are hosing "crapplications" will also determine your auditing load. I have attached the list of audited events and system calls from one of my N-class servers, although they are one and the same across the board. I think it is a good starting point for you, depending on your requirements, but I wouldn't necessarily "open the flood gates" for auditing, unit you have a good feel of your situation.

Hope this helps
Chris
It wasn't me!!!!
Reply
Victor_5
Trusted Contributor

‎05-10-2002 09:11 AM

‎05-10-2002 09:11 AM

Re: disk space for auditing data in C2 Trusted System

Thanks a lot, Chris, really appreciated, it IS helpful for me, 10 points again!

Have a great weekend!
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.