proper way to archive audit logs

 
Erik Voelker_3
Contributor

I just converted an HP-UX 11.0 system into a trusted system and I am not sure of
the proper way to archive or clear out the /.secure/etc/audfile1 and/or
audfile2 log files.
Any suggestions?
Roger Pusey_2
New Member

Re: proper way to archive audit logs

Hi Erik,

This may help you. This details how to switch the logs. Once switched, you can
view, archive, delete, etc.


# audsys (See manpage for more details)
The auditing system is currently on.
Current file: /secure/etc/audfile1.
Next file: /secure/etc/audfile2.
Statistics-     afs Kb   used Kb   avail %     fs Kb   used Kb   avail %
current file      1039         0         0     83733     16501         0
next file         1039         0         0     83733     16501         0

# cd /secure/etc

# touch audfile3

# touch audfile4

# audsys -c audfile3 -s 1039 -x audfile4 -z 1039

# audsys
Current file: /secure/etc/audfile3.
Next file: /secure/etc/audfile4.
Statistics-     afs Kb   used Kb   avail %     fs Kb   used Kb   avail %
current file      1039         0       100     83733     16501        80
next file         1039         0       100     83733     16501        80

After reviewing the contents, or archiving, you can
issue the following commands to switch back:

# cat /dev/null > audfile1
# cat /dev/null > audfile2

Use the following command to set it back to the original files:

# audsys -c audfile1 -s 1039 -x audfile2 -z 1039

Regards,

Roger.
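
The switch, archive, truncate and switch-back steps from the reply above, combined into one POSIX shell script as an added example (it is not part of the thread and not HP-supplied code). It verifies each archived copy before truncating the original and also keeps records written to the temporary files; the archive directory and the overridable AUDSYS variable are assumptions, while the audsys options, file names and the 1039 KB sizes are the ones shown in the reply.

```shell
#!/bin/sh
# Added example (not from the thread). Assumptions: ARCHIVE_DIR is a
# hypothetical path; AUDIT_DIR and the 1039 KB sizes are copied from the
# audsys output in the reply; AUDSYS can be overridden for dry runs.
AUDIT_DIR=${AUDIT_DIR:-/secure/etc}
ARCHIVE_DIR=${ARCHIVE_DIR:-/var/adm/audit_archive}
AUDSYS=${AUDSYS:-audsys}
AFS_KB=${AFS_KB:-1039}

# Copy one idle audit file to the archive, verify the copy byte for byte,
# and only then truncate the original.
archive_one() {
    src=$AUDIT_DIR/$1
    dst=$ARCHIVE_DIR/$1.$2
    [ -s "$src" ] || return 0                 # empty or missing: nothing to keep
    [ ! -e "$dst" ] || { echo "refusing to overwrite $dst" >&2; return 1; }
    cp -p "$src" "$dst" || return 1
    cmp -s "$src" "$dst" || { echo "verify failed: $dst" >&2; return 1; }
    chmod 400 "$dst"
    cat /dev/null > "$src"
}

rotate_audit_logs() {
    stamp=$(date +%Y%m%d%H%M%S)
    umask 077                                 # new files and directory: owner only
    mkdir -p "$ARCHIVE_DIR" || return 1
    touch "$AUDIT_DIR/audfile3" "$AUDIT_DIR/audfile4" || return 1
    # 1. Point auditing at the temporary pair so audfile1/2 go idle.
    "$AUDSYS" -c "$AUDIT_DIR/audfile3" -s "$AFS_KB" \
              -x "$AUDIT_DIR/audfile4" -z "$AFS_KB" || return 1
    # 2. Archive the idle originals; remember failures but keep going so
    #    auditing is always switched back.
    rc=0
    archive_one audfile1 "$stamp" || rc=1
    archive_one audfile2 "$stamp" || rc=1
    # 3. Switch back to the original pair.
    "$AUDSYS" -c "$AUDIT_DIR/audfile1" -s "$AFS_KB" \
              -x "$AUDIT_DIR/audfile2" -z "$AFS_KB" || return 1
    # 4. Records written during the window sit in audfile3/4; keep them too.
    archive_one audfile3 "$stamp" || rc=1
    archive_one audfile4 "$stamp" || rc=1
    return $rc
}
```

Call `rotate_audit_logs` as root, for example from cron; a non-zero return means at least one file was left untruncated because its archive copy could not be verified.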