Manualshelf

OSF DCE Administration Guide--Core Components

ManualsBrandsHP ManualsServerHP NonStop G-Series
551552553554555556557558559560
DCE Audit Service Administrative Tasks
disables it.
You may want to disable the logging service when the audit trail file becomes too large,
and then enable it again after the audit trail has been backed up and rewound (using the
aud rewind command).
Using the enable or disable commands enable or disable audit record logging to the
central audit trail file. Applications such as the security server and the time server use
their own audit trail files and are not affected by use of enable or disable.
The aud stop command stops the audit daemon.
43.7 Modifying and Querying Audit Daemon Attributes
The DCE audit daemon has two attributes that relate to the audit trail file:
stostrategy—Specifies the storage strategy when the size of the audit trail file has
reached its limit. You can specify either of the following storage strategies:
save If the specified trail size limit is reached, the audit daemon saves the
current trail file to a new file (renaming it to its original name with a
timestamp appended at the end of the name). The audit daemon then
deletes the contents of the original trail file and continues auditing
from the beginning of this file. This is the default value for
stostrategy.
wrap The audit daemon will overwrite the old audit trails.
state—Indicates whether the audit daemon is servicing audit record logging requests
from audit clients. The possible values for this attribute are enabled (default value)
or disabled.
You can use dcecp to see the value of these settings, as follows:
dcecp> aud show
{state enabled}
{stostrategy save}
Use the aud modify command to change these attributes.
43.8 Controlling and Displaying Audit Trails
Audit daemons log audit records sent from audit clients into an audit trail file. If the
audit daemon is started without any argument, then the default audit trail file used is
dcelocal/var/audit/adm/central_trail. You can also direct the audit trail to another file
by using the -t option of the auditd command when starting daemon; the trail argument
to the -t option specifies the pathname of the file to which the logs should be written.
124243 Tandem Computers Incorporated 439