Safeguard Audit Service Manual (G06.24+, H06.03+)
Audit Service Command Syntax
Safeguard Audit Service Manual—520480-014
4-8
DELETE AUDIT POOL Command
1. Before shutting down the system, check that the current audit pool resides on a
disk that is connected to the same processor as the $SYSTEM disk.
2. When the system cold start is complete (all processors), you can select a new
audit pool on another disk volume if necessary.
•
All attempts to execute this command are audited.
Examples
1. This command turns on WRITE-THROUGH CACHE and specifies that audit files
are recycled if a disk overflow occurs:
=ALTER AUDIT SERVICE, WRITE-THROUGH CACHE ON, &
=RECOVERY RECYCLE
2. This command specifies that Safeguard grants are suspended if the volume on
which the current audit pool resides becomes inaccessible:
=ALTER AUDIT SERVICE, RECOVERY DENY GRANTS
DELETE AUDIT POOL Command
DELETE AUDIT POOL deletes a specified audit pool. This command cannot be used
to delete the current audit pool.
Members of either security group can execute this command.
$vol.subvol
specifies the audit pool to be deleted. This audit pool must be accessible, and all
audit files in the audit pool must be released.
Consideration
All attempts to execute this command are audited.
Note. Check that the current audit pool resides on the $SYSTEM disk when
Safeguard is configured as a persistent process and STARTMODE is KERNEL. If the
current audit pool resides on a non-$SYSTEM disk and STARTMODE is KERNEL, the
audit state can become suspended and require manual intervention (SAFECOM
NEXTFILE) to resume full auditing. If the current audit pool resides on a
non-$SYSTEM disk, the recommended value for STARTMODE is SYSTEM.
DELETE AUDIT POOL $vol.subvol