HPE Community
Operating System - HP-UX
1820401 Members
3365 Online
109624 Solutions
New Discussion юеВ

System audit (audsys) filling the file system and hanging the system

 
unix adm
Regular Advisor

тАО07-28-2009 04:07 AM

тАО07-28-2009 04:07 AM

System audit (audsys) filling the file system and hanging the system

Experts!

Enabling system audit on my system is filling the /var file system and hanging the complete system and i have to go for reboot to fix it.

it keeps on creating new files and fill the filesystem , even new sparate file system for audit has same ending.

Is there anyway to limit the space utilization by system audit (audsys) or to make it run smoother.


in /etc/rc.config.d/auditing I have following arguments for daemon.


Thanks in Advance!


Rajeev!

AUDOMON_ARGS=" -p 20 -t 1 -w 90"

0 Kudos
Reply
5 REPLIES 5
Duncan Edmonstone
HPE Pro

тАО07-28-2009 04:15 AM

тАО07-28-2009 04:15 AM

Re: System audit (audsys) filling the file system and hanging the system

On a busy system there can be literally thousands of auditing events to record every minute, so in these sorts of situations you have 2 choices:

1) Provide considerably more disk space and implement a mechanism to archive audit logs regularly.

2) Choose to audit less things - see the man pages for audevent and audusr for info on how to choose what to audit...

HTH

Duncan

I am an HPE Employee
Accept or Kudo
0 Kudos
Reply
unix adm
Regular Advisor

тАО07-28-2009 08:41 PM

тАО07-28-2009 08:41 PM

Re: System audit (audsys) filling the file system and hanging the system

This does not look normal to me its filling up even more than 2 GB separate file system.

Thanks
Rajeev
0 Kudos
Reply
Dennis Handly
Acclaimed Contributor

тАО07-28-2009 10:49 PM

тАО07-28-2009 10:49 PM

Re: System audit (audsys) filling the file system and hanging the system

>This does not look normal to me

You asked that it log that much info. You need to wade through what you got to see what you don't need.
0 Kudos
Reply
likid0
Honored Contributor

тАО07-29-2009 12:33 AM

тАО07-29-2009 12:33 AM

Re: System audit (audsys) filling the file system and hanging the system

And also is a good idea to create and independent FS, for your audit files.

I usually create a /.secure 2 gig FS.

But I only audit root actions.
Windows?, no thanks
0 Kudos
Reply
George Jolightson
New Member

тАО07-29-2009 01:45 AM

тАО07-29-2009 01:45 AM

Re: System audit (audsys) filling the file system and hanging the system

I think you are talking about 11.31. you have to create a new file system and mount it under /var/.audit. Also you have to verify what and all transactions you actully need audit.

Refer http://www.docs.hp.com/en/5992-3387/5992-3387.pdf

Thanks

George
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.