Administrator's Guide
NOTE:
1. With HP-UX 11i version 3, an auxiliary audit trail does not need to be specified;
the auditing system does switching of audit trails automatically.
2. If autoswitching failed and the current audit trail continues to grow past the FSS
point, all auditable actions are suspended for regular users. The system can be
restored by archiving the audit data, or specifying a new audit log file on a file
system with space.
3. If other activities consume space on the file system, or the file system chosen has
insufficient space for the AFS size chosen, the File Space Switch point can be reached
before the Audit File Switch point.
Choose a file system with adequate space for the audit log files. You can assess the size
of the file systems using the bdf command. HP recommends you configure the log files
to reside on a file system with at least 5 MB of available space and with at least 20%
of its total file space available.
The growth of audit log files is closely monitored by the audit overflow monitor daemon,
audomon, to insure that no audit data is lost.
9.5.1 Configuring Audit Trails
Use the audsys command to specify the primary audit log file and the (optional) auxiliary
audit log file to collect auditing data:
#audsys -n -N2 -c
my_audit_trail
-s 5000
This example starts the audit system and records data in the my_audit_trail directory,
using two writer threads. The AFS size is set to 5000K bytes.
The audsys command recognizes the following options:
-c file|directory Specifies a "current" trail.
-f Turns off the auditing system.
-n Turns on the auditing system.
-N num Specifies the number of active files that comprise an audit
trail.
-s cafs Specifies cafs, the "current" trail's AuditFileSwitch (AFS)
size (in kbytes).
-x file|directory Specifies the "next" audit trail.
-z xafs Specifies xafs, the "next" trail's AuditFileSwitch (AFS) size
(in kbytes).
For more information, see audsys(1M) .
180 Audit Administration