HP-UX Reference (11i v3 07/02) - 1M System Administration Commands A-M (vol 3)
a
audsys(1M) audsys(1M)
NAME
audsys - start/halt the auditing system; set/display auditing system status information
SYNOPSIS
audsys [ -n|-f ][
-N num ][-c file|directory -s cafs ][-x file|directory
-z xafs ]
DESCRIPTION
audsys allows the user to do the following operations: start or halt the auditing system; specify the audit-
ing system "current" and "next" audit trails and their switch sizes; display auditing system status informa-
tion; and, for regular mode, specify the number of active files that comprise an audit trail.
If the number of files specified is greater than or equal to one (regular mode), the audit trail will be present
on the file system as a directory with multiple files in it.
If the number specified is zero (compatibility mode), the audit trail will be contained in a single file. Com-
patibility mode is solely supported for backward compatibility and will be obsoleted in any future releases
after HP-UX 11i Version 3.
This command is restricted to privileged users.
The "current" audit trail is the file or directory to which the auditing system writes audit records. When
the "current" trail grows to either its AuditFileSwitch (AFS) size or its FileSpaceSwitch (FSS) size (see
audomon(1M)), the auditing system switches to write to the "next" audit trail.
The auditing system switches audit trails by setting the "current" trail designation to the "next" trail and
setting the new "next" trail to NULL. If the "next" trail is not specified, the auditing system will create a
new trail with the same base name but a different timestamp extension and begin recording to it.
The auditing system can also run an external command after a successful audit trail switch. See
audomon(1M) for details.
On a single system, the "current" and "next" trails can reside anywhere on the same or different file sys-
tems.
/var/.audit is the default location for audit trails.
When invoked without arguments, audsys displays the status of the auditing system. This status
includes information describing whether auditing is on or off, the names of the "current" and "next" audit
trails, and a table listing their switch sizes and the sizes of the file systems on which they are located, as
well as the space available expressed as a percentage of the switch sizes and file system sizes.
Options
audsys recognizes the following options:
-c file|directory
Specify a "current" trail. The existing "current" trail, if any, will be replaced by the
trail specified, and the auditing system will immediately switch to the new "current"
trail.
If the number of audit files specified is greater than or equal to 1 (regular mode), a
directory will be created with the "current" trail name and the audit trail files will be
stored in this directory. The specified file or directory must be empty or nonexistent
unless it is the "current" or "next" trail already in use by the auditing system.
-f Turn off the auditing system. The -f and -n options are mutually exclusive. Other
options specified with -f are ignored.
-n Turn on the auditing system. The system uses existing "current" and "next" audit
trails unless others are specified with the -c and -x options. If no "current" audit
trail exists (for example, when the auditing system is first installed), it can be
specified with the -c option.
-N num Specify the number of active files that comprise an audit trail. The auditing system
will use one or more writer threads to log data into these files. Each writer thread
will write to one file. If the number is not specified, the previous setting will be used.
If there is no previous setting, num will be set to 1.
If num is greater than or equal to 1 (regular mode), then the audit trail files
spu[0..num-1] will be created in the directory specified with the -c option. If num is
0 (compatibility mode), then the audit trail will be a file with the name specified by the
-c option.
HP-UX 11i Version 3: February 2007 − 1 − Hewlett-Packard Company 53