[HPADM] kernel-level auditing to different location

From: Michael Jeffries (M) (jeffrimj@telkom.co.za)
Date: Wed Dec 17 2003 - 09:49:03 EST

• Next message: COUNTERMAN, DANIEL (CONTRACTOR): "[HPADM] Netbios ?"
• Previous message: Abramson, Stuart: "[HPADM] Samba problem: "Cannot Copy File. The path is too deep.""
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi there,

I have a problem. by default Kernel-level auditing logs to
/.secure/etc/audfile1, /.secure/etc/audfile2. Now this is / ,so if it
fills up root, my server is stuffed.

I created a dir /var/secure/etc/ and changed the
/etc/rc.config.d/auditing file to log to this new location.

PRI_AUDFILE=/var/secure/etc/audfile1
PRI_SWITCH=1000
SEC_AUDFILE=/var/secure/etc/audfile2
SEC_SWITCH=1000

The problem is that it is still logging to root. Is there a process
that has to be kill -HUP for kernel-level auditing to now log to the
new location?

Thanks a ton for your help
Mike

--
             ---> Please post QUESTIONS and SUMMARIES only!! <---
        To subscribe/unsubscribe to this list, contact majordomo@dutchworks.nl
       Name: hpux-admin@dutchworks.nl     Owner: owner-hpux-admin@dutchworks.nl
 
 Archives:  ftp.dutchworks.nl:/pub/digests/hpux-admin       (FTP, browse only)
            http://www.dutchworks.nl/htbin/hpsysadmin   (Web, browse & search)

• Next message: COUNTERMAN, DANIEL (CONTRACTOR): "[HPADM] Netbios ?"
• Previous message: Abramson, Stuart: "[HPADM] Samba problem: "Cannot Copy File. The path is too deep.""
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 11:02:37 EDT