HP-UX Reference (11i v3 07/02) - 1M System Administration Commands A-M (vol 3)
a
audsys(1M) audsys(1M)
Example 3:
Turn on the auditing system in compatibility mode.
# audsys -n -N 0 -c /var/.audit/my_trail -s 1000
This is the same as Example 1 except that
/var/.audit/my_trail
will be present on the file system
as a regular file instead of a directory.
WARNINGS
Compatibility mode and the
-x option are solely supported for backward compatibility and will be obsoleted
in any future releases after HP-UX 11i Version 3.
All modifications made to the audit system are lost upon reboot. To make the changes permanent, set
AUDITING, PRI_AUDFILE , PRI_SWITCH , SEC_AUDFILE ,
SEC_SWITCH , and NTRHEADS in
/etc/rc.config.d/auditing
.
A user process will be blocked in the kernel if all of the following events occur:
• The file system containing the current audit trail is full.
• If the "next" audit trail is specified, the file system containing this audit trail is full.
• The user process makes an auditable system call or generates an auditable event.
A user process will also be blocked in the kernal if both of these events occur:
• The pre-allocated kernel audit data buffer is full.
• The user process makes an auditable system call or generates an auditable event.
In order to recover from the resulting deadlock, it will be necessary to kill the session leader of the console
so that the administrator can login. For this reason sensitive applications must not be run as session
leaders on the console.
AUTHOR
audsys was developed by HP.
SEE ALSO
audomon(1M), tunefs (1M), audctl(2), audwrite(2), setsid(2), audit(5).
HP-UX 11i Version 3: February 2007 − 3 − Hewlett-Packard Company 55