DOC HOME SITE MAP MAN PAGES GNU INFO SEARCH PRINT BOOK
 
Configuring auditing

Using auditlog to specify the size of the log file

By default, the audit event log file will grow until it consumes all space available on the device that contains it. In many cases, you may want to limit the size of the log file to avoid the problems caused by a full device. You can control the size of the audit event log file with the -x option of auditlog.

The -x option takes a positive integer as an argument; the integer specifies the size of the log file in blocks. (Each block is 512 bytes.) For example, the following command specifies that the maximum log file size is 100 blocks:

auditlog -x 100

The size of the log file must be greater than or equal to the size of the audit buffer, which is set by the system tunable parameter ADT_BSIZE. This is defined in the /etc/conf/mtune.d/audit file. If the size specified by -x is not greater than or equal to ADT_BSIZE, auditlog prints the following error message:

   invalid max_size specified
   Audit Log File Size Must Be >= n (512 byte)blocks
where n is the value of ADT_BSIZE.

The -x option is valid only if the log file is a regular file. If the log file is not a regular file and you use the -x option, auditlog prints the following warning message:

   max_size applies only to regular files

A value of 0 (zero) indicates that the audit event log file is unbounded. The log file continues to grow until there is no space left on the device.


Next topic: Using auditlog to specify the action when the log file is full
Previous topic: Writing records directly to the log file

© 2005 The SCO Group, Inc. All rights reserved.
SCO OpenServer Release 6.0.0 -- 03 June 2005