BSM Audit Troubleshooting help
From: Anupam (firstname.lastname@example.org)
From: "Anupam" <email@example.com>
To: <firstname.lastname@example.org>
Date: Mon, 11 Feb 2002 05:48:21 -0500
We enabled BSM auditing on a remotely administered Solaris 8 server. We took
the machine down to single-user mode and enabled auditing, then rebooted the
machine. For a certain period of time the system was logging data.
The audit file /var/audit/*not* just stopped growing. I tried running the
- auditconfig -chkconf (No output when the command is run)
- audit -s (Created a new audit file with just the time stamp)
- modinfo | fgrep -i audit
54 78180000 11f8c 186 1 c2audit (C2 system call)
Unfortunately we can't reboot the machine at will, because it is a
Any suggestion on how to troubleshoot this would be greatly appreciated.
BTW is there any real reason to bring down the machine to single-user mode
before enabling BSM? Is it necessary to ensure that the system is quiet, or
is it something more important?
I have included below data from the audit_control, audit_user and
audit_startup files if it helps.
FWIW Software on the box:
- Veritas DB Edition for Oracle
- Oracle 8i
- BMC patrol for monitoring
auditconfig -setpolicy none
auditconfig -setpolicy +cnt