I am running Solaris 8 on a sun box and having an audit problem. Per
NISPOM standards I have to do auditing on events, and as you know BSM
turned on creates tons of events so I have a filter_audit script I run
to filter these events based on keywords. This process normally take a
few hours for a 1-2 GB weekly audit file.
The other day I ran the script like normal and it ripped through it in
about 2 seconds, creating a reduced audit file with nothing in it. I
tried again and the same thing happened. While doing some
troubleshooting I think I found the problem and that is the executable
"auditreduce", which my script calls, only produces 2 events, 1 from
1970 and 1 from the current date. This happens when i run ##
auditreduce -R /archive1/auditlogs (the place where my logs are
stored).
When I run the same command on a similar machine I actually get tons
of filtered events like normal. Both auditreduces are identical as are
the scripts calling it.
Many google searches have turned up nothing. Any help would be great.
|
|
0
|
|
|
|
Reply
|
 rdbrown06
|
9/9/2009 1:52:24 PM |
|
On Wed, 9 Sep 2009 06:52:24 -0700 (PDT)
rdbrown06 <rdbrown06@gmail.com> wrote:
> The other day I ran the script like normal and it ripped through it in
> about 2 seconds, creating a reduced audit file with nothing in it. I
> tried again and the same thing happened. While doing some
> troubleshooting I think I found the problem and that is the executable
> "auditreduce", which my script calls, only produces 2 events, 1 from
> 1970 and 1 from the current date. This happens when i run ##
> auditreduce -R /archive1/auditlogs (the place where my logs are
> stored).
The behaviour you describe is what happens when auditing has not been
turned on. Are you sure no-one ran bsmunconv? Are you sure there is
audit data in /archive1/auditlogs?
> When I run the same command on a similar machine I actually get tons
> of filtered events like normal. Both auditreduces are identical as are
> the scripts calling it.
It's unlikely that the programs are to blame. You either have no audit
data, or are looking in the wrong directory.
--
Stefaan A Eeckels
--
Ninety-Ninety Rule of Project Schedules:
The first ninety percent of the task takes ninety percent of
the time, and the last ten percent takes the other ninety percent.
|
|
|
0
|
|
|
|
Reply
|
Stefaan
|
9/26/2009 2:01:26 PM
|
|
Search |
Post Question |
Groups |
Stream |
About |
Register
25709 articles. 
78 followers. 
1 Replies
226 Views
see-my-signature
harshana
koom2020
hhh.database
kona_iron
zrnaqvi
getridofthespam
kamesh.84