HP-UX IPSec Version A.03.00 Administrator's Guide

changes in security parameters, unknown message types, and changing of the HP-UX IPSec
password or audit level.
error: Error audit entries report error events including recoverable error conditions, syntax
errors, unsupported features, bad packets, and unknown message types.
warning: Warning audit entries report non-intrusive security events.
informative: Informative audit entries provide detailed event logging for troubleshooting.
debug: Debug audit entries provide very detailed event logging for debugging and
troubleshooting.
NOTE: Setting the audit level to informative or debug generates numerous audit entries.
You should set the audit level to informative or debug for troubleshooting only.
The audit levels are shown in ascending order. If you set the audit level to a higher level, all
lower levels are also included. For example, if you set the audit level to informative, the audit
daemon also records all alert, error and warning messages. The default audit level is error,
which includes alert messages.
Audit Files and Directory
By default, the audit daemon creates a new audit file when the current file reaches 100 Kbytes. The
audit daemon continues creating new audit files until the file system for the audit directory
is full. For this reason, you may want to mount the audit directory on a separate file system.
The default audit directory is /var/adm/ipsec.
Audit File Size
To change the maximum audit file size, use the following command:
ipsec_admin -m[axsize] max_audit_file_size
The max_audit_file_size is specified in kilobytes.
Default: 100 (kilobytes).
Dynamically Setting Audit Parameters
If HP-UX IPSec is running, you can dynamically set the audit parameters by entering the following
command:
ipsec_admin [-al audit_level] [-au audit_directory]
[-maxsize max_size]
audit_level can be alert, error, warning, informative, or debug. A selected audit
level includes all the lower audit levels.
audit_directory is the fully-qualified path name for the audit directory.
max_size is the maximum size for each audit file, in kilobytes. The range is 1 - 4294967294.
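The following pre-flight check is an added example, not part of the HP guide: it validates the three parameters against the rules stated above and prints the resulting ipsec_admin command without running it. The function names are hypothetical; the options, level names, and size range are the ones given in this section.

```shell
#!/bin/sh
# Added example: validate audit settings, then print the ipsec_admin command.
# Function names are hypothetical; options and limits are those stated above.

LEVELS="alert error warning informative debug"   # ascending order

# Print the levels that are recorded when the audit level is set to $1.
levels_included() {
    out=""
    for l in $LEVELS; do
        out="${out:+$out }$l"
        [ "$l" = "$1" ] && { echo "$out"; return 0; }
    done
    return 1    # not a valid audit level
}

# Succeed only if $1 is a whole number in the range 1 - 4294967294.
valid_max_size() {
    case "$1" in
        ''|*[!0-9]*|0*) return 1 ;;   # empty, non-digit, zero or leading zero
    esac
    [ "${#1}" -le 10 ] && [ "$1" -le 4294967294 ]
}

# Print the command for level $1, directory $2, max file size $3 (kilobytes).
audit_cmd() {
    levels_included "$1" >/dev/null ||
        { echo "bad audit level: $1" >&2; return 1; }
    case "$2" in
        /*) ;;
        *) echo "audit directory must be fully qualified: $2" >&2; return 1 ;;
    esac
    valid_max_size "$3" ||
        { echo "max_size out of range: $3" >&2; return 1; }
    case "$1" in
        informative|debug) echo "note: $1 is for troubleshooting only" >&2 ;;
    esac
    echo "ipsec_admin -al $1 -au $2 -maxsize $3"
}

# Sample call using the default directory and file size named in this section.
audit_cmd warning /var/adm/ipsec 100
```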
Configuring Startup Audit Parameters
To set the audit parameters used every time HP-UX IPSec starts, modify the startup record in
the configuration database by entering a command similar to the following:
ipsec_config add startup [-autoboot ON|OFF]
[-auditlvl audit_level] [-auditdir audit_directory]
[-maxsize max_size] ...
audit_level can be alert, error, warning, informative, or debug. A selected
audit level includes all the lower audit levels.
audit_directory is the fully-qualified path name for the audit directory.
148 Troubleshooting HP-UX IPSec