Manualshelf

Safeguard Audit Service Manual (G06.29+, H06.08+, J06.03+)

ManualsBrandsHP ManualsServerHP NonStop G-Series
71727374757677787980
Managing the Audit Trail
Safeguard Audit Service Manual — 520480-031
3 - 7
Specifying Audit Service Recovery
for these situations and no next audit pool is selected, the Safeguard software attempts
to recycle the audit files in the current audit pool. If it cannot recycle the files, the
Safeguard software automatically suspends auditing.
Overflow means the current audit file is full and no additional unreleased audit files are
available in the current audit pool. Down volume means the disk volume containing the
current audit pool has become inaccessible.
You can choose one of these recovery actions:
RECYCLE
causes the Safeguard software to select the oldest unreleased audit file in the
current audit pool, purge the data from it, and give it the next available audit file
name. This recovery action applies only in an overflow situation. If a down volume
occurs when RECYCLE is the specified recovery action, the Safeguard software
suspends auditing. RECYCLE is the initial (default) setting for RECOVERY.
SUSPEND AUDIT
causes the Safeguard software to suspend further auditing until the situation is
corrected.
DENY GRANTS
causes the Safeguard software to deny most authorization and authentication
requests for which auditing is required. The only audited actions allowed are the
successful execution of commands by members of the
SECURITY-ADMINISTRATOR or SYSTEM-OPERATOR security groups. If you select
this recovery action, the audit service switches to the audit pool at $SYSTEM.SAFE
and continues writing audit records there for commands successfully executed by
members of the security groups.
If an overflow or down volume causes auditing to be switched to the audit pool at
$SYSTEM.SAFE, manually switch back to another audit pool af
ter the condition is
corrected. To do so, use the SELECT CURRENT AUDIT POOL command as described
in Selecting an Audit Pool on page 3-6.
ALTER AUDIT SERVICE also has optional p
arameters that allow you to control the
caching of audit records—that is, the method by which records are to be written to an
audit file. By default, the Safeguard software caches audit records in memory to
optimize system performance. If you are more concerned about the absolute integrity
of audit records than optimized performance, specify that the records be written directly
to disk. For more information on these optional parameters, see the Safeguard
Reference Manual.
Note. The behavior of the Safeguard audit service is unaltered when audit files are
restored/duplicated. Audit service does not consider the duplicated files as audit files though
they have the file code 541 (file code for the audit file).