OSF DCE Administration Guide--Core Components
DCE Audit Service Administrative Tasks
You can also allow the audit daemon to ‘‘wrap’’ around the central trail file when its
limit (the default 2 MB or set by DCEAUDITTRAILSIZE) is reached. To do this, you
should start the audit daemon with the -wrap option:
auditd -wrap
You may also want to use this option if old audit records have little or no value and you
want to keep only relatively recent records.
A trail size limit can also be set using the -s option of the auditd command. The limit set
using this method overrides the default 2 MB limit.
If for any reason you desire to take a snapshot of the audit trail before it reaches the limit,
you can use the dcecp aud disable command to disable logging and then copy the file.
You can then use the dcecp aud rewind command to rewind the central audit trail file.
(Note that, if required, you can back up this audit file at this time. But, if backup is
desired, it is best to let the audit service automatically create new trail files and back
these up.) Then use the aud enable command to enable the audit daemon’s logging
service again.
43.8.3 Changing the Audit Trail File Storage Option
The storage strategy option can be changed while the audit daemon is running. This can
only be performed on the central audit trail file.
The following example shows how the aud modify command is used to cause the audit
trail to wrap when it reaches the limit of the file:
dcecp> aud modify -stostrategy wrap
This example command changes the value of the audit daemon’s storage strategy
attribute to wrap.
124243 Tandem Computers Incorporated 43− 11