OSF DCE Administration Guide--Core Components

43.5.5 Enabling Audit Filters
If you want to enable the audit filters, you must first set the DCEAUDITFILTERON
environment variable. You must set this variable before starting the server (that is, the
audit client).
43.5.5.1 Removing the Update Binding File
If a server (audit client) is running with filters enabled (that is, DCEAUDITFILTERON
was set), libaudit (which is linked to the server) obtains the server’s binding information
and stores it in the following:
/opt/dcelocal/var/audit/client/pid-of-server/update_binding_file
where pid-of-server is the process ID of the server.
If the server ends abnormally, this file must be removed manually. If it is not removed,
you will receive an error message the next time you restart the server with
DCEAUDITFILTERON. The message indicates that the audit daemon is unable to
inform the audit client of filter updates:
unable to inform process
/opt/dcelocal/var/audit/client/pid-of-server/update_binding_file
about esl update.
You can also check for stale update binding files by checking which servers are running
(for example, using ps -e) and comparing their process IDs with the pathnames of the
update binding files. Because the pathnames of these files contain a pid-of-server
component, you can determine which files correspond to nonexistent servers.
Both the binding information file and the directory containing it (pid-of-server) must be
removed.
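The comparison described above can be scripted. The following is an added example, not part of the original guide: it lists the pid-of-server directories that have no matching running process. The function names and the --scan option are illustrative assumptions; the client directory path is the one given above.

```shell
#!/bin/sh
# Added example (not from the guide): report stale libaudit update
# binding directories so they can be reviewed and removed.
# Function names and the --scan option are illustrative assumptions.
CLIENT_DIR=/opt/dcelocal/var/audit/client

# PIDs of all running processes, one per line (ps -e, as the guide suggests).
live_pids() {
    ps -e -o pid= | tr -d ' '
}

# stale_binding_dirs DIR "PID-LIST"
# Print each DIR/<pid> directory whose <pid> is not in PID-LIST.
stale_binding_dirs() {
    dir=$1
    pids=$2
    # An empty PID list (for example, ps failed) would make every
    # directory look stale, including those of running servers.
    if [ -z "$pids" ]; then
        echo "no live PIDs supplied; refusing to report" >&2
        return 1
    fi
    for entry in "$dir"/*; do
        [ -d "$entry" ] || continue
        pid=${entry##*/}
        # Only purely numeric names are pid-of-server directories.
        case $pid in
            ''|*[!0-9]*) continue ;;
        esac
        # Whole-line fixed-string match, so that 42 does not match 424.
        if ! printf '%s\n' "$pids" | grep -qxF "$pid"; then
            printf '%s\n' "$entry"
        fi
    done
    return 0
}

# Report only. Review the list, then remove each listed directory
# together with its update_binding_file.
# Caveat: a PID reused by an unrelated process hides a stale directory.
case ${1:-} in
    --scan) stale_binding_dirs "$CLIENT_DIR" "$(live_pids)" ;;
esac
```

Run the script with --scan before restarting a server that ended abnormally with DCEAUDITFILTERON set.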
43.5.5.2 Buffering of the Audit Trail
The operating system buffers audit trail data before writing it to disk. For this
reason, growth of the audit trail file does not become apparent until the data is
flushed to disk.
43.6 Enabling and Disabling the Audit Logging Service
Use dcecp to enable or disable the audit record logging service of the audit daemon. The
aud enable command enables the logging service, and the aud disable command
43 8 Tandem Computers Incorporated 124243