NAME
audsys — start or halt the auditing system and set or display audit file information
SYNOPSIS
audsys
[-nf]
[-c
file
-s
cafs]
[-x
file
-z
xafs]
DESCRIPTION
audsys
allows the user to start or halt the auditing system,
to specify the auditing system "current" and "next" audit files
(and their switch sizes), or to display auditing system status information.
This command is restricted to super-users.
The "current" audit file is the file to which the auditing system
writes audit records.
When the "current" file grows to either its Audit File Switch
(AFS)
size or its File Space Switch
(FSS)
size (see
audomon(1M)),
the auditing system switches to write to the "next" audit file.
The auditing system switches audit files by setting the "current" file
designation to the "next" file and setting the new "next" file to
NULL.
The "current" and "next" files can reside on different file systems.
When invoked without arguments,
audsys
displays the status of the auditing system.
This status includes information describing whether auditing is on or off,
the names of the "current" and "next" audit files,
and a table listing their switch sizes and the
sizes of file systems on which they are located,
as well as the space available
expressed as a percentage of the switch sizes and file system sizes.
Options
audsys
recognizes the following options:
- -n
Turn on the auditing system.
The system uses existing "current" and "next" audit files
unless others are specified with the
-c
and
-x
options.
If no "current" audit file exists
(such as when the auditing system is first installed),
specify it by using the
-c
option.
- -f
Turn off the auditing system.
The
-f
and
-n
options are mutually exclusive.
Other options specified with
-f
are ignored.
- -c file
Specify a "current" file.
Any existing "current" file is replaced with the
file
specified; the auditing system immediately switches
to write to the new "current" file.
The specified
file
must be empty or nonexistent, unless it is the "current"
or "next" file already in use by the auditing system.
- -s cafs
Specify
cafs,
the "current" audit file switch size (in kbytes).
- -x file
Specify the "next" audit file.
Any existing "next" file is replaced with the
file
specified.
The specified
file
must be empty or nonexistent, unless it is the "current"
or "next" file already in use by the auditing system.
- -z xafs
Specify
xafs,
the "next" audit file switch size (in kbytes).
If
-c
but not
-x
is specified, only the "current" audit file is changed;
the existing "next" audit file remains.
If
-x
but not
-c
is specified, only the "next" audit file is changed;
the existing "current" audit file remains.
The
-c
option can be used to manually switch from the "current"
to the "next" file by specifying the "next" file as the new "current" file.
In this instance, the file specified becomes the new "current" file
and the "next" file is set to
NULL.
In instances where no next file is desired, the
-x
option can be used to set the "next" file to
NULL
by specifying the existing "current" file as the new "next" file.
The user should take care to select audit files that reside on file
systems large enough to accomodate the Audit File Switch
(AFS)
desired.
audsys
returns a non-zero status and no action is performed,
if any of the following situations would occur:
The Audit File Switch size
(AFS)
specified for either audit file exceeds the space available
on the file system where the file resides.
The
AFS
size specified for either audit file is less than the file's current size.
Either audit file resides on a file system with no remaining user space
(exceeds minfree).
AUTHOR
audsys
was developed by HP.
FILES
- /.secure/etc/audnames
File maintained by
audsys
containing the "current" and "next" audit file names and their switch sizes.