HPE Community
Operating System - HP-UX
1837981 Members
1866 Online
110124 Solutions
New Discussion

repeat message on console...

 
SOLVED
Go to solution
Tom Spence_1
Regular Advisor

‎07-29-2002 05:47 AM

‎07-29-2002 05:47 AM

repeat message on console...

Hi,

How can I stop the repeat message? Like this:

Audit System Approching AuditFileSwitch Point
current audit file size = 4986 kilobytes

It repeats about every 30 second. Any idea?
Thinking Snow!
0 Kudos
Reply
11 REPLIES 11
Bill Hassell
Honored Contributor

‎07-29-2002 05:56 AM

‎07-29-2002 05:56 AM

Re: repeat message on console...

This is part of the Trusted system auditing. The audit system will perform a switch between the current and the alternate audit logs soon. However, it is also possible that audited events are occuring extremely rapidly and the files are switching several times per day (not good). Check your audited events to see if there is just too much detail, or change the log locations to another lvol and allow for a larger logfile. See man pades for audit and audsys.


Bill Hassell, sysadmin
0 Kudos
Reply
Tom Spence_1
Regular Advisor

‎07-29-2002 05:57 AM

‎07-29-2002 05:57 AM

Re: repeat message on console...

Should I type like this:

auditing stop

will it any harm on server?

Let me know...
Thinking Snow!
0 Kudos
Reply
Bill Hassell
Honored Contributor

‎07-29-2002 05:59 AM

‎07-29-2002 05:59 AM

Re: repeat message on console...

Turning off the auditing system will cause no harm except you won't collect information on the audited events. However, after you stop audting, look at the logged events--you may find some problems that need immdiate attention. Auditing is part of the security system and unusual problems should be thoroughly investigated rather than simply stopping the reports.


Bill Hassell, sysadmin
0 Kudos
Reply
Tom Spence_1
Regular Advisor

‎07-29-2002 06:03 AM

‎07-29-2002 06:03 AM

Re: repeat message on console...

Okay, then tell me what should I do now? Just give me step-by-step if you don't mind? Thanks.
Thinking Snow!
0 Kudos
Reply
Christopher McCray_1
Honored Contributor

‎07-29-2002 06:08 AM

‎07-29-2002 06:08 AM

Re: repeat message on console...

Hello,

to turn off auditing,

# audsys -f

to turn back on,

# audsys -n

to specify a current and next file,

# audsys -c -s size(Mb) -x -x size(Mb)

do a man on audsys for more detail.

I noticed that your file size is only about 5-6 Mb in size because auditing start displaying those messages at the 90% full mark. One thing you could do is bump up the size of the audit files. Not to take away from Bill in that something could be wrong and you should look at it. I however, do not have one server that has an audit file that small. In fact, on my servers I have a 1Gb file system to dump these files.

Hope this helps

Chris
It wasn't me!!!!
0 Kudos
Reply
Steve Steel
Honored Contributor

‎07-29-2002 06:09 AM

‎07-29-2002 06:09 AM

Re: repeat message on console...

Hi


Look at


http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0xea950559ff7cd4118fef0090279cd0f9,00.html


It gives you some options.


Steve Steel
If you want truly to understand something, try to change it. (Kurt Lewin)
0 Kudos
Reply
V. V. Ravi Kumar_1
Respected Contributor

‎07-29-2002 06:13 AM

‎07-29-2002 06:13 AM

Re: repeat message on console...

hi,
do this
run sam
then auditing and security
select any auditing function (eg. audited events) press return
in the next screen select actions and selct turn auditing off and press enter.

actually when auting is turned on it writes audit log to /.secure/etc/audfile1 and audfile2. u can empty these files also to stop the message.

regds
Never Say No
0 Kudos
Reply
Tom Spence_1
Regular Advisor

‎07-29-2002 06:31 AM

‎07-29-2002 06:31 AM

Re: repeat message on console...

hi,
do this
run sam
then auditing and security
select any auditing function (eg. audited events) press return
in the next screen select actions and selct turn auditing off and press enter.

actually when auting is turned on it writes audit log to /.secure/etc/audfile1 and audfile2. u can empty these files also to stop the message.

regds
-----------------------------
Great I am glad to know about audfile1 and 2...

Let me tell you what I did,

audsys -f
>audfile1
>audfile2
audsys -n

Sad, the message is back even though the files are zero size! Any idea?

Thanks!

-Tom
Thinking Snow!
0 Kudos
Reply
Deshpande Prashant
Honored Contributor

‎07-29-2002 06:38 AM

‎07-29-2002 06:38 AM

Re: repeat message on console...

HI
Depending on how you want to track the auditing information, you may decide on any one of following solutions.
1. Turn off the auditing (#audsys -f), if you do not need to track the audating events.

2. Create the large audit files.
By default the audit files are written in /.secure/etc directory.
So if you create large audit files make sure you have enough space in "/"
#audsys -c /.secure/etc/audfile1 -s 100000 -x /.secure/etc/audfile2 -z 100000
This will define the current and next audit file of 100MB size.

3. Create large audit files on seperate file systems.
Create a seperate, large file system for audit files and link it to /.secure/etc dir.

In my environment I have large file system for this /.secure/etc dir and 100MB audit files defined. I also run a cron script every hour to check the current usage of current audit file using (audsys) command. and If current audit file is more than 95% full, I shutdown auditing (audsys -n); Change the audit file to start on next audit file, restart the auditing.

Thanks.
Prashant.

Take it as it comes.
0 Kudos
Reply
V. V. Ravi Kumar_1
Respected Contributor

‎07-29-2002 06:43 AM

‎07-29-2002 06:43 AM

Solution

Re: repeat message on console...

hi,
audfile1 and audfile2 are default files. may be on ur system the files are with different names and located some where else. it is possible. u can do the following.
run sam - auditing and security - select audited events - press return - actions - set audit monitor and log parameters.
there u can see a primary audit log file and an auxiliary log file. then try minimizing those files if they are different.

regds
Never Say No
Reply
Tom Spence_1
Regular Advisor

‎07-29-2002 06:50 AM

‎07-29-2002 06:50 AM

Re: repeat message on console...

Ahh, thanks so much for your greatly help... I appreciate it.

-Tom
Thinking Snow!
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.