audomon man page on HP-UX


audomon(1M)							   audomon(1M)

NAME
       audomon - audit overflow monitor daemon

SYNOPSIS
       fss] sp_freq] warning] output] string]

DESCRIPTION
       audomon monitors the capacity of the current audit trail and the file
       system on which the audit trail is located.  audomon prints out warning
       messages when either capacity is approaching full.  audomon also checks
       the audit trail and the file system against two switch points:
       FileSpaceSwitch (FSS) and AuditFileSwitch (AFS).  If either switch
       point is reached, audit recording automatically switches to an
       alternative audit trail.  audomon also takes action at the switch point
       if there is a task specified with the option.

       The FileSpaceSwitch (FSS) is specified as a percentage of the total
       disk space available.  When the file system reaches this percentage,
       audomon looks for a backup audit trail.  If the backup audit trail is
       available, recording is switched from the audit trail to the backup
       trail.  If the backup audit trail is not available, then the auditing
       system creates a new audit trail with the same base name but a
       different timestamp extension.  The auditing system begins recording to
       the new audit trail.

       The  AuditFileSwitch (AFS) is specified (using by the size of the audit
       trail.  When the audit trail reaches the specified size, audomon looks
       for a backup audit trail.  If a backup audit trail is available,
       recording is switched from the audit trail to the backup trail (see
       audsys(1M) for more information).  If a backup audit trail is not
       available, then the auditing system creates a new audit trail with the
       same base name but a different timestamp extension.  The auditing
       system begins recording to the new audit trail.

       audomon issues a warning message when either switch point is
       approached.

       audomon is typically spawned by (as part of the start-up process) when
       the system is booted up if the parameter AUDITING is set to 1 in file.
       audomon can also be started any time by a privileged user.  Once
       invoked, audomon monitors, periodically sleeping and "waking up" at
       intervals.  Note that audomon does not produce any messages when the
       audit system is disabled.

       audomon is restricted to privileged users.

   Options
       audomon recognizes the following options:
       Specify the file or tty to which warning	 messages  are	directed.   By
       default, warning messages are sent to the console.

              Note that the warning messages apply to the diagnostic messages
              that audomon generates concerning the status of the audit
              system, as well as the messages that the scheduled task (see
              below) may print out to the standard output and error file.
              Error messages caused by wrong usage of audomon are sent to the
              standard output (where audomon is invoked).

              Note: The file given to the option must exist and must be
              writable by the user who started audomon (normally root during
              system startup) according to the system call.  See access(2).

       Specify the
              FileSpaceSwitch by a number ranging from 0 to 100.  When the
              file system that contains the current audit trail has less than
              fss percent free space remaining, audomon looks for a backup
              audit trail.  If available, the backup trail is designated as
              the new audit trail.  If no backup trail is available, the
              auditing system creates a new audit trail with the same base
              name but a different timestamp extension and begins recording
              to it.

              The fss parameter must be a larger number than the min_free
              parameter of the file system to ensure that the switch takes
              place before min_free is reached.  By default, fss is 20
              percent.

       Specify the wake-up switch-point frequency in minutes.
	      The  wake-up  frequency  is  calculated based on sp_freq and the
	      current capacity of the audit trail and the file system.

	      The calculated wake-up frequency at any time before  the	switch
	      points  is  larger than sp_freq.	As the size of the audit trail
	      or the file system's free space approaches  the  switch  points,
	      the  wake-up  frequency  approaches sp_freq.  sp_freq can be any
	      positive real number.

	      The default sp_freq is 1 (minute).

       Specify that warning messages be sent before the switch points.
	      warning is an integer ranging from 0 through 100.

	      The higher the warning, the closer to the switch points  warning
	      messages	are  issued.   For  example,  warning set to 50 causes
	      warning messages to be sent half-way before  the	switch	points
	      are  reached.   warning set to 100 causes warning messages to be
	      sent only after the designated switch points are reached	and  a
	      switch is not possible due to a missing backup trail.

	      By default, warning is 90.

              Note: The warning message is not sent if the audit trail size
              grows beyond the switch points in between two consecutive
              audomon wakeup intervals.  In this case, audomon only performs
              the switch to the next audit trail.

       Make audomon more verbose.  This option causes audomon to also print
              out the next wake-up time.

       Specify a command line to run after
              a successful audit trail switch.  When the trail is switched
              from, for example, OldTrail to NewTrail, audomon runs the
              command:

	      The command string must be specified as an absolute  path.   Any
	      shell  meta-characters  and  wildcards  are  expanded by but are
	      expanded by the shell.  The command is executed with a real  uid
	      and effective uid of 0 in a non-chrooted environment.

	      The command must make minimal assumptions about the environment.
	      For example, the command needs to set environment variables such
	      as its working directory, and its groups.

              Note: To use this feature, do not explicitly specify the next
              audit trail using audsys(1M).
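
A post-switch handler shaped by the constraints described for this option (command runs as uid 0, is expanded by the shell, and gets a minimal environment). This is an added example, not code from HP or from this man page; the function names, the archive directory argument, and the assumption that the switched-out trail's path reaches the script as an argument are all hypothetical.

```shell
#!/bin/sh
# Added example: hypothetical post-switch handler (not HP-supplied code).
# Assumed invocation: <script> <archive_dir> <old_trail_path>

# The command runs as uid 0 with a minimal environment, so pin everything
# the script relies on instead of inheriting it.
harden_env() {
    PATH=/usr/bin:/usr/sbin:/bin
    export PATH
    umask 077
    cd / || return 1
}

# Succeed only for an absolute path, free of ".." components, that names a
# regular file and is not a symbolic link.
is_safe_trail() {
    case "$1" in
        /*) ;;
        *) return 1 ;;
    esac
    case "$1" in
        */../*|*/..) return 1 ;;
    esac
    [ ! -h "$1" ] && [ -f "$1" ]
}

# Copy the trail into archive_dir, store a checksum beside it, make both
# read-only, and print the path of the copy.
archive_trail() {
    archive_dir=$1
    trail=$2
    harden_env || return 1
    is_safe_trail "$trail" || { echo "refusing trail: $trail" >&2; return 2; }
    [ -d "$archive_dir" ] && [ ! -h "$archive_dir" ] ||
        { echo "bad archive dir: $archive_dir" >&2; return 3; }
    dest=$archive_dir/$(basename "$trail")
    [ ! -e "$dest" ] || { echo "already archived: $dest" >&2; return 4; }
    cp -p "$trail" "$dest" || return 5
    cksum "$dest" > "$dest.cksum" || return 6
    chmod 400 "$dest" "$dest.cksum" || return 7
    printf '%s\n' "$dest"
}

# Run only when called with arguments, so the file can also be sourced.
if [ "$#" -ge 2 ]; then
    archive_trail "$1" "$2"
fi
```

Distinct return codes let the caller tell a refused path (2), a bad archive directory (3), and an already-archived trail (4) apart in whatever log the warning output is directed to.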

EXAMPLES
       Example 1:

              The above command starts the audomon daemon with the following
              expected behaviors, assuming the auditing system was started
              using

            ·  audomon sleeps at least 1 minute at intervals.

            ·  When the size of the current audit trail reaches 1000 * 90% =
               900 kbytes, or the file system that contains the current audit
               trail has reached (100%-20%) * 90% = 72% full, audomon starts
               printing out warning messages to the console.

            ·  When the size of the current audit trail reaches 1000 kbytes,
               or the file system that contains the current audit trail has
               reached 100% - 20% = 80% full, audomon switches recording data
               to:

               where yyyymmdd_HHMM is replaced by the time when the switch has
               happened.

            ·  After the switch succeeded, audomon invokes the following
               command:

               to copy to a remote system assuming that is what the given
               script intends to do.

       Example 2: To stop the audomon daemon that is already running, use:

WARNINGS
       All modifications made to the audit system are lost  upon  reboot.   To
       make the changes permanent, set in

AUTHOR
       audomon was developed by HP.

SEE ALSO
       audsys(1M), audit(5).

								   audomon(1M)