HP-UX Reference (11i v2 07/12) - 1M System Administration Commands A-M (vol 3)
a
audomon(1M) audomon(1M)
NAME
audomon - audit overflow monitor daemon
SYNOPSIS
/usr/sbin/audomon
[ -p fss ][-t
sp_freq ][-w warning ][-v ][-o output_tty ]
DESCRIPTION
audomon monitors the capacity of the current audit file and the file system on which the audit file is
located, and prints out warning messages when either is approaching full. It also checks the audit file and
the file system against 2 switch points: FileSpaceSwitch
(FSS)
and AuditFileSwitch (AFS) and if either is
reached, audit recording automatically switches to the backup audit file if it is available.
The FileSpaceSwitch
(FSS) is specified as a percentage of the total disk space available. When the file sys-
tem reaches this percentage,
audomon looks for a backup audit file. If it is available, recording is
switched from the audit file to the backup file.
The AuditFileSwitch
(AFS) is specified (using audsys(1M)) by the size of the audit file. When the audit file
reaches the specified size,
audomon
looks for a backup audit file. If it is available, recording is switched
from the audit file to the backup file (see audsys(1M) for further information on use of this parameter).
If either switch point is reached but no backup file is available,
audomon issues a warning message.
audomon is typically spawned by /sbin/init.d/auditing
(as part of the init(1M) start-up process)
when the system is booted up. Once invoked,
audomon monitors, periodically sleeping and ‘‘waking up’’ at
intervals. Note that audomon does not produce any messages when the audit system is disabled.
audomon is restricted to privileged users.
Options
-p fss Specify the FileSpaceSwitch by a number ranging from 0 to 100. When the audit file’s file
system has less than fss percent free space remaining,
audomon looks for a backup file. If
available, the backup file is designated as the new audit file. If no backup file is available,
audomon issues a warning message.
The fss parameter should be a larger number than the min_free parameter of the file sys-
tem to ensure that the switch takes place before min_free is reached. By default, fss is 20
percent.
-t sp_freq Specify the wake-up switch-point frequency in minutes. The wake-up frequency at any
other time is calculated based on sp_freq and the current capacity of the audit file and the
file system. The calculated wake-up frequency at any time before the switch points is
larger than sp_freq. As the size of the audit file or the file system’s free space approaches
the switch points, the wake-up frequency approaches sp_freq. sp_freq can be any positive
real number. Default sp_freq is 1 (minute).
-w warning Specify that warning messages be sent before the switch points. warning is an integer
ranging from 0 through 100. The higher the warning, the closer to the switch points warn-
ing messages are issued. For example, warning = 50 causes warning messages to be sent
half-way before the switch points are reached. warning = 100 causes warning messages to
be sent only after the designated switch points are reached and a switch is not possible due
to a missing backup file. By default, warning is 90.
-v Make audomon more verbose. This option causes audomon to also print out the next
wake-up time.
-o output_tty Specify the tty to which warning messages are directed. By default, warning messages are
sent to the console. Note that this applies only to the diagnostic messages audomon gen-
erates concerning the status of the audit system. Error messages caused by wrong usage of
audomon are sent to the standard output (where audomon is invoked).
WARNINGS
All modifications made to the audit system are lost upon reboot. To make the changes permanent, set
AUDOMON_ARGS in /etc/rc.config.d/auditing.
AUTHOR
audomon was developed by HP.
HP-UX 11i Version 2: December 2007 Update − 1 − Hewlett-Packard Company 75