HP-UX IPSec Version A.03.02.02 Administrator's Guide HP-UX 11i version 2 and HP-UX 11i version 3 (762800-001, April 2014)

You can change the audit parameters while HP-UX IPSec is active using the ipsec_admin
command. To change the audit parameters used every time HP-UX IPSec starts, use the
ipsec_config add startup command. You can also specify audit parameters with the
ipsec_admin start command.
Audit Level
The HP-UX IPSec audit levels are defined as follows:
alert: Alert audit entries report events that may require administrator attention, including
security violations and attacks, password violations, errors that may prevent correct operation
of the product, any error condition that is not recoverable, authentication problems, significant
changes in security parameters, unknown message types, and changing of the HP-UX IPSec
password or audit level.
error: Error audit entries report error events including recoverable error conditions, syntax
errors, unsupported features, bad packets, and unknown message types.
warning: Warning audit entries report non-intrusive security events.
informative: Informative audit entries provide detailed event logging for troubleshooting.
debug: Debug audit entries provide very detailed event logging for debugging and
troubleshooting.
NOTE: Setting the audit level to informative or debug generates numerous audit entries. You
should set the audit level to informative or debug for troubleshooting only.
The audit levels are shown in ascending order. If you set the audit level to a higher level, all lower
levels are also included. For example, if you set the audit level to informative, the audit daemon
also records all alert, error and warning messages. The default audit level is error, which
includes alert messages.
Audit Files and Directory
By default, the audit daemon creates a new audit file when the current file reaches 100 Kbytes. The
audit daemon continues creating new audit files until the file system for the audit directory is
full. For this reason, you may want to mount the audit directory on a separate file system. The
default audit directory is /var/adm/ipsec.
Audit File Size
To change the maximum audit file size, use the following command:
ipsec_admin -m[axsize] max_audit_file_size
The max_audit_file_size is specified in kilobytes.
Default:
100 (kilobytes).
Dynamically Setting Audit Parameters
If HP-UX IPSec is running, you can dynamically set the audit parameters by entering the following
command:
ipsec_admin [-al audit_level] [-au audit_directory] [-maxsize max_size]
audit_level can be alert, error, warning, informative, or debug. A selected
audit level includes all the lower audit levels.
audit_directory is the fully-qualified path name for the audit directory.
max_size is the maximum size for each audit file, in kilobytes. The range is 1 - 4294967294.
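The following pre-flight check is an added example, not part of the HP guide: it validates the three audit parameters against the values documented above, notes when the audit directory is not its own mount point, and prints the ipsec_admin command instead of running it. The function names, the restricted directory character set, and the reliance on POSIX df -P output are assumptions of the example.

```shell
# Added example, not from the HP guide: validate audit settings, then print the
# ipsec_admin command. Nothing here runs ipsec_admin. Function names are hypothetical.
LEVELS="alert error warning informative debug"  # ascending order, per the guide
MAX_KB=4294967294                               # upper bound of max_size, per the guide

# Print every level recorded when the audit level is $1; fail if $1 is unknown.
levels_included() {
    acc=""
    for lv in $LEVELS; do
        acc="${acc:+$acc }$lv"
        if [ "$lv" = "$1" ]; then echo "$acc"; return 0; fi
    done
    return 1
}

# Succeed if $1 is an integer in 1..MAX_KB. Equal-length digit strings are compared
# as strings so that a shell with 32-bit arithmetic cannot overflow.
valid_max_size() {
    case "$1" in ''|*[!0-9]*|0*) return 1 ;; esac
    [ "${#1}" -lt "${#MAX_KB}" ] && return 0
    [ "${#1}" -eq "${#MAX_KB}" ] && ! [ "$1" \> "$MAX_KB" ]
}

# Succeed if directory $1 is itself a mount point (assumes POSIX `df -P` output,
# with the mount point in the last column).
is_mount_point() {
    [ "$(df -P "$1" 2>/dev/null | awk 'NR==2 {print $NF}')" = "$1" ]
}

# Print the command for level $1, directory $2, size $3 (KB), or fail with a reason.
audit_cmd() {
    levels_included "$1" >/dev/null || { echo "unknown audit level: $1" >&2; return 1; }
    case "$2" in
        /*) ;;
        *) echo "audit directory must be fully qualified: $2" >&2; return 1 ;;
    esac
    case "$2" in    # assumption: refuse characters that would need shell quoting
        *[!A-Za-z0-9/._-]*) echo "unsafe character in directory: $2" >&2; return 1 ;;
    esac
    valid_max_size "$3" || { echo "max_size must be 1-$MAX_KB: $3" >&2; return 1; }
    case "$1" in
        informative|debug) echo "note: $1 is for troubleshooting only" >&2 ;;
    esac
    [ -d "$2" ] && ! is_mount_point "$2" &&
        echo "note: $2 is not on its own file system" >&2
    echo "ipsec_admin -al $1 -au $2 -maxsize $3"
}

audit_cmd error /var/adm/ipsec 100   # the defaults stated in the guide
```

Notes and rejection reasons go to standard error, so the standard output is either empty or exactly one command line.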