audsys.1m (2010 09)

ManualsBrandsHP ManualsSoftwareHP-UX Manpages

audsys(1M) audsys(1M)

NAME

audsys - start/halt the auditing system; set/display auditing system status information

SYNOPSIS

audsys [ -n|-f ][

-N num ][-c ﬁle | directory -s cafs ][

-x ﬁle | directory -z xafs ]

DESCRIPTION

audsys allows the user to do the following operations: start or halt the auditing system; specify the

auditing system "current" and "next" audit trails and their switch sizes; display auditing system status

information; and, for regular mode, specify the number of active ﬁles that comprise an audit trail.

If the number of ﬁles speciﬁed by the

-N option is greater than or equal to one (regular mode), the audit

trail will be present on the ﬁle system as a directory with multiple ﬁles in it.

If the number speciﬁed is zero (compatibility mode), the audit trail will be contained in a single ﬁle.

Compatibility mode is solely supported for backward compatibility and will be obsoleted in any future

releases after HP-UX 11i Version 3.

The

audsys command is restricted to privileged users.

The "current" audit trail is the ﬁle or directory to which the auditing system writes audit records. When

the "current" trail grows to either its AuditFileSwitch (AFS) size or its FileSpaceSwitch (FSS) size (see

audomon(1M)), the auditing system switches to write to the "next" audit trail.

The auditing system switches audit trails by setting the "current" trail designation to the "next" trail and

setting the new "next" trail to NULL. If the "next" trail is not speciﬁed, the auditing system creates a new

trail with the same base name but with a different timestamp extension. Then the auditing system begins

recording to the new trail. For more details about the next trail name, refer to the

-x option explanation

in the Options section in this manpage.

The auditing system can also run an external command after a successful audit trail switch. See

audomon(1M) for details.

On a single system, the "current" and "next" trails can reside anywhere on the same or different ﬁle sys-

tems. The

/var/.audit directory is the default location for audit trails.

When invoked without arguments,

audsys displays the status of the auditing system. This status

includes the following information:

• Description as to whether auditing is on or off.

• The names of the "current" and "next" audit trails.

• A table listing the following size and space information:

• The switch sizes of the audit trails.

• The sizes of the ﬁle systems on which the audit trails are located.

• The space available expressed as a percentage of the switch sizes and ﬁle system sizes.

Options

audsys recognizes the following options:

-c file | directory

Specify the ﬁle or directory which will be the "current" audit trail. The existing

"current" trail, if any, will be replaced by the trail speciﬁed, and the auditing system

will immediately switch to the new "current" trail.

If the number of audit ﬁles speciﬁed by the

-N option, is greater than or equal to 1

(regular mode), a directory will be created with the "current" trail name and the

audit trail ﬁles will be stored in this directory. The speciﬁed ﬁle or directory must

be empty or nonexistent, unless it is the "current" or "next" trail already in use by

the auditing system.

The

-c and -s options must be speciﬁed together.

-f Turn off the auditing system. The -f and -n options are mutually exclusive. Other

options speciﬁed with -f are ignored.

-n Turn on the auditing system. The system uses existing "current" and "next" audit

trails unless other trails are speciﬁed with the -c and -x options. If no "current"

audit trail exists (for example, when the auditing system is ﬁrst installed), it can be

HP-UX 11i Version 3: September 2010 − 1 − Hewlett-Packard Company 1

Summary of content (4 pages)

PAGE 1
audsys(1M) audsys(1M) NAME audsys - start/halt the auditing system; set/display auditing system status information SYNOPSIS audsys [ -n|-f ] [ -N num ] [ -c file | directory -s cafs ] [ -x file | directory -z xafs ] DESCRIPTION audsys allows the user to do the following operations: start or halt the auditing system; specify the auditing system "current" and "next" audit trails and their switch sizes; display auditing system status information; and, for regular mode, specify the number of active files tha
PAGE 2
audsys(1M) audsys(1M) specified with the -c option. -N num A aA Specify the number of active files that comprise an audit trail. The auditing system will use one or more writer threads to log data into these files. Each writer thread will write to one file. If the -N num option is not specified in the current audsys command, then the previous setting for num will be used. If there is no previous setting, num will be set to 1.
PAGE 3
audsys(1M) audsys(1M) The user must be careful to select audit trails that reside on file systems large enough to accommodate the AuditFileSwitch (AFS) desired. audsys returns a non-zero status and no action is performed if any of the following situations occur: • The AuditFileSwitch (AFS) size specified for either audit trail exceeds the space available on the file system where the trail resides. • The AFS size specified for either audit trail is less than the trail’s current size.
PAGE 4
audsys(1M) audsys(1M) AUTHOR audsys was developed by HP. SEE ALSO audomon(1M), tunefs (1M), audctl(2), audwrite(2), setsid(2), audit(5).