HP-UX Reference (11i v3 07/02) - 1M System Administration Commands A-M (vol 3)
a
audomon(1M) audomon(1M)
NAME
audomon - audit overflow monitor daemon
SYNOPSIS
/usr/sbin/audomon
[ -p fss ][-t
sp_freq ][-w warning ][-v ][-o output_tty ][
-X string ]
DESCRIPTION
audomon monitors the capacity of the current audit trail and the file system on which the audit trail is
located. It prints out warning messages when either is approaching full. It also checks the audit trail and
the file system against two switch points: FileSpaceSwitch
(FSS)
and AuditFileSwitch (AFS) If either is
reached, audit recording automatically switches to an alternative audit trail.
audomon also takes action
at the switch point if there is a task specified with the -X option.
The FileSpaceSwitch
(FSS) is specified as a percentage of the total disk space available. When the file sys-
tem reaches this percentage,
audomon looks for a backup audit trail. If it is available, recording is
switched from the audit trail to the backup trail. If it is not available, the auditing system will create a
new audit trail with the same base name but a different timestamp extension and begin recording to it.
The AuditFileSwitch (AFS) is specified (using
audsys) by the size of the audit trail. When the audit trail
reaches the specified size,
audomon looks for a backup audit trail. If one is available, recording is
switched from the audit trail to the backup trail (see audsys(1M) for more information). If it is not avail-
able, the auditing system will create a new audit trail with the same base name but a different timestamp
extension and begin recording to it.
audomon issues a warning message, when either switch point is approached.
audomon is typically spawned by /sbin/init.d/auditing
(as part of the init start-up process)
when the system is booted up if the parameter AUDITING is set to 1 in file
/etc/rc.config.d/auditing
. It can also be started any time by a privileged user. Once invoked,
audomon monitors, periodically sleeping and ‘‘waking up’’ at intervals. Note that audomon does not pro-
duce any messages when the audit system is disabled.
audomon is restricted to privileged users.
Options
-o output_tty Specify the tty to which warning messages are directed. By default, warning messages
are sent to the console.
Note that this applies to the diagnostic messages audomon generates messages con-
cerning the status of the audit system, as well as the messages that the scheduled task
(see -X string below) may print out to the stardard output and error file. Error mes-
sages caused by wrong usage of audomon are sent to the standard output (where
audomon is invoked).
-p fss Specify the FileSpaceSwitch by a number ranging from 0 to 100. When the file system
that contains the current audit trail has less than fss percent free space remaining,
audomon looks for a backup audit trail. If available, the backup trail is designated as
the new audit trail. If no backup trail is available, the auditing system will create a new
audit trail with the same base name but a different timestamp extension and begin
recording to it.
The fss parameter must be a larger number than the min_free parameter of the file sys-
tem to ensure that the switch takes place before min_free is reached. By default, fss is
20 percent.
-t sp_freq Specify the wake-up switch-point frequency in minutes. The wake-up frequency is cal-
culated based on sp_freq and the current capacity of the audit trail and the file system.
The calculated wake-up frequency at any time before the switch points is larger than
sp_freq. As the size of the audit trail or the file system’s free space approaches the
switch points, the wake-up frequency approaches sp_freq. sp_freq can be any positive
real number.
The default sp_freq is 1 (minute).
-w warning Specify that warning messages be sent before the switch points. warning is an integer
ranging from 0 through 100.
50 Hewlett-Packard Company − 1 − HP-UX 11i Version 3: February 2007