Operating System - HP-UX

1753436 Members

4639 Online

108794 Solutions

file system filled with auditing files

Hello ,

I am a new bee in unix and I enabled auditing on my hp-ux box and now i can see lot of audit files with different time stamp.

Following is the config in "/etc/rc.config.d/auditing"

PRI_AUDFILE=/var/.audit/audtrail
PRI_SWITCH=1000
SEC_AUDFILE=*
SEC_SWITCH=0

AUDEVENT_ARGS1="-P -F -r basic"
AUDEVENT_ARGS2=""
AUDEVENT_ARGS3=""
AUDEVENT_ARGS4=""

AUDOMON_ARGS="-p 20 -t 1 -w 90"

I just came to know since i didn't specify SEC_AUDFILE so the auditing files are getting switched when it reached switch point(100KB) with same name but with timestamp appended.

Pelase suggest how to define a actioin using -X option .

I want to have only 2 have 2 files . one is old backup file and one current file (single backup file)

i.e if primary file reached switch point then it should go to secondar file and after secondary gets filled the older backup should get delted and sconday file should become backkup

I can change the switch point value to higher value no issues..

A quick help wll be appreciated.....

Regards

Abhishek J

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Discussions

Forums

Discussions

Forums

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

file system filled with auditing files

file system filled with auditing files