audomon(1M) audomon(1M)
NAME [Toc] [Back]
audomon - audit overflow monitor daemon
SYNOPSIS [Toc] [Back]
/usr/sbin/audomon [-p fss] [-t sp_freq] [-w warning] [-v] [-o
output_tty]
DESCRIPTION [Toc] [Back]
audomon monitors the capacity of the current audit file and the file
system on which the audit file is located, and prints out warning
messages when either is approaching full. It also checks the audit
file and the file system against 2 switch points: FileSpaceSwitch
(FSS) and AuditFileSwitch (AFS) and if either is reached, audit
recording automatically switches to the backup audit file if it is
available.
The FileSpaceSwitch (FSS) is specified as a percentage of the total
disk space available. When the file system reaches this percentage,
audomon looks for a backup audit file. If it is available, recording
is switched from the audit file to the backup file.
The AuditFileSwitch (AFS) is specified (using audsys(1M)) by the size
of the audit file. When the audit file reaches the specified size,
audomon looks for a backup audit file. If it is available, recording
is switched from the audit file to the backup file (see audsys(1M) for
further information on use of this parameter).
If either switch point is reached but no backup file is available,
audomon issues a warning message.
audomon is typically spawned by /sbin/init.d/auditing (as part of the
init(1M) start-up process) when the system is booted up. Once
invoked, audomon monitors, periodically sleeping and ``waking up'' at
intervals. Note that audomon does not produce any messages when the
audit system is disabled.
audomon is restricted to privileged users.
Options [Toc] [Back]
-p fss Specify the FileSpaceSwitch by a number ranging from 0
to 100. When the audit file's file system has less
than fss percent free space remaining, audomon looks
for a backup file. If available, the backup file is
designated as the new audit file. If no backup file is
available, audomon issues a warning message.
The fss parameter should be a larger number than the
min_free parameter of the file system to ensure that
the switch takes place before min_free is reached. By
default, fss is 20 percent.
Hewlett-Packard Company - 1 - HP-UX 11i Version 2: August 2003
audomon(1M) audomon(1M)
-t sp_freq Specify the wake-up switch-point frequency in minutes.
The wake-up frequency at any other time is calculated
based on sp_freq and the current capacity of the audit
file and the file system. The calculated wake-up
frequency at any time before the switch points is
larger than sp_freq. As the size of the audit file or
the file system's free space approaches the switch
points, the wake-up frequency approaches sp_freq.
sp_freq can be any positive real number. Default
sp_freq is 1 (minute).
-w warning Specify that warning messages be sent before the switch
points. warning is an integer ranging from 0 through
100. The higher the warning, the closer to the switch
points warning messages are issued. For example,
warning = 50 causes warning messages to be sent halfway
before the switch points are reached. warning =
100 causes warning messages to be sent only after the
designated switch points are reached and a switch is
not possible due to a missing backup file. By default,
warning is 90.
-v Make audomon more verbose. This option causes audomon
to also print out the next wake-up time.
-o output_tty Specify the tty to which warning messages are directed.
By default, warning messages are sent to the console.
Note that this applies only to the diagnostic messages
audomon generates concerning the status of the audit
system. Error messages caused by wrong usage of
audomon are sent to the standard output (where audomon
is invoked).
WARNINGS [Toc] [Back]
All modifications made to the audit system are lost upon reboot. To
make the changes permanent, set AUDOMON_ARGS in
/etc/rc.config.d/auditing.
AUTHOR [Toc] [Back]
audomon was developed by HP.
SEE ALSO [Toc] [Back]
audsys(1M), audit(5).
Hewlett-Packard Company - 2 - HP-UX 11i Version 2: August 2003 [ Back ] |