HPE Community
Operating System - HP-UX
1832568 Members
4310 Online
110043 Solutions
New Discussion

Re: Message show "current audit file size is 44299 kilobytes!!!"

 
natis
Frequent Contributor

‎10-03-2007 09:20 PM

‎10-03-2007 09:20 PM

Message show "current audit file size is 44299 kilobytes!!!"

It always show this message below, when I log into my server.

"current audit file size is 44299 kilobytes!!!
an attempt to switch to the backup file failed.
Must specify a backup file now !" How I trouble this issue. please, suggest me.
0 Kudos
Reply
3 REPLIES 3
Dennis Handly
Acclaimed Contributor

‎10-03-2007 09:41 PM

‎10-03-2007 09:41 PM

Re: Message show "current audit file size is 44299 kilobytes!!!"

You may want to look at this thread:
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=1161149
0 Kudos
Reply
J. Bravo
Respected Contributor

‎10-03-2007 09:42 PM

‎10-03-2007 09:42 PM

Re: Message show "current audit file size is 44299 kilobytes!!!"

Hi:

I think that you need to configure your /etc/rc.config.d/auditing with an audit backup file.

Regards;

J. Bravo.
0 Kudos
Reply
whiteknight
Honored Contributor

‎10-03-2007 10:09 PM

‎10-03-2007 10:09 PM

Re: Message show "current audit file size is 44299 kilobytes!!!"

Natis

The auxiliary log file reaches its switch size Audit data is very important for maintaining system security. Therefore audit log files will never be overwritten automatically. As stated in the above manual: "The primary log file is where audit records begin to be collected. When this file approaches a predefined capacity (its Audit File Switch (AFS) size), or when the file system on which it resides approaches a predefined capacity (its File Space Switch (FSS) size), the auditing subsystem issues a warning. When either the AFS or the FSS of the primary log file is reached, the auditing subsystem attempts to switch to the auxiliary log file for recording audit data. If no auxiliary log file is specified, the primary log file continues to grow." Once you switch over to the auxiliary log file, it becomes the primary, and there is no auxiliary log file to switch to. The following statement from the manual applies: "If the primary audit log continues to grow past the FSS point, a system-defined parameter, minfree, could be reached. All auditable actions are suspended for regular users at this point. Restore the system to operation by archiving the audit data, or specifying a new audit log file on a file system with space." When a switch occured from your primary to your auxiliary log file, and your former auxiliary log file now approaches its switch size or file system space switch size (ASS or FSS), a warning is issued. The file will then continue to grow until your file system is full. This is especially a problem if your audit files reside on your root file system. Recommendations:
Choose a file system which is not the root file system with sufficient space to hold your audit data.
Check your audit logs on a regular basis.
Archive your audit logs when they become full.

WK
Problem never ends, you must know how to fix it
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.