HP-UX Reference (11i v3 07/02) - 1M System Administration Commands A-M (vol 3)
a
audsys(1M) audsys(1M)
Use this option along with the -n
option to turn on auditing, or use this option by
itself to change the number of active files when the auditing system is running in reg-
ular mode. The recommended value for num is approximately the number of proces-
sors on the system divided by two.
-s cafs Specify cafs, the "current" trail’s AuditFileSwitch (AFS) size (in kbytes).
-x file|directory
Specify the "next" audit trail. Any existing "next" trail is replaced by the trail
specified. The specified trail must be empty or nonexistent unless it is the "current" or
"next" trail already in use by the auditing system.
This option is supported solely for backward compatibility and will be obsoleted in any
future releases after HP-UX 11i Version 3.
Without specifying the "next" audit trail, the auditing system will take the "current"
audit trail’s base name with a different timestamp extension as the "next" audit trail.
The name of the "next" audit trail will be determined at the next switch point. See
audomon(1M) for more details.
-z xafs Specify xafs, the "next" trail’s AuditFileSwitch (AFS) size (in kbytes).
If
-c is specified without -x , only the "current" audit file is changed; the existing "next" audit file remains.
If -x is specified without -c, only the "next" audit trail is changed; the existing "current" audit trail
remains.
The -c option can be used to manually switch from the "current" to the "next" trail by specifying the "next"
trail as the new "current" trail. In this case, the trail specified becomes the new "current" trail and the
"next" trail is set to NULL.
In instances where no "next" trail is desired, the -x option can be used to set the "next" trail to NULL by
specifying the existing "current" trail as the new "next" trail. In this case, the auditing system will create a
new trail with the "current" trail’s base name but a different timestamp extension as the "next" trail.
The user must be careful to select audit trails that reside on file systems large enough to accommodate the
AuditFileSwitch (AFS) desired.
audsys returns a non-zero status and no action is performed if any of the following situations occur:
The AuditFileSwitch (AFS) size specified for either audit trail exceeds the space available on the file
system where the trail resides.
The AFS size specified for either audit trail is less than the trail’s current size.
The audit trail resides on a file system with no remaining user space (exceeds minfree , see the "
-m
option in tunefs(1M)).
EXAMPLES
Example 1:
Turn on the auditing system and start recording data to /var/.audit/my_trail
using 2 writer
threads. Also set the AuditFileSwitch (AFS) size to 1000 kbytes.
# audsys -n -N 2 -c /var/.audit/my_trail -s 1000
With AuditFileSwitch (AFS) size set to 1000 kbytes, The auditing system (See also audomon(1M)) is going
to monitor the growth of
/var/.audit/my_trail in size. When the size has reached approximately
1000 kbytes, the auditing system will try to switch recording data to:
/var/.audit/my_trail.yyyymmddHHMM
where yyyymmddHHMM are replaced by the time when the switch has happened.
Example 2:
Turn off the auditing system.
# audsys -f
This will cause any buffered data to be written out to the current audit trail. And the auditing system will
stop recording any data after that.
54 Hewlett-Packard Company − 2 − HP-UX 11i Version 3: February 2007