Dear All
When I start the AIX(6100-06)audit subsystem.
the log will save in /audit/stream.out (or /audit/trail), but in default when /audit/stream.out to grow up to 150MB.
It will replace the original /audit/stream.out (or /audit/trail).
Then the /audit/stream.out become empty and only contain new data.
So, Can I manual setting the stream.out (or /audit/trail) file size?
Why don't you write a script which will monitor the file size of stream.out and if it becomes close to 150MB, the script will make a backup copy of it before the audit subsystem over writes the file?
You may place this in your crontab for executing it in every 30 minutes or so:
#!/bin/ksh
size=$( /usr/bin/du -k /audit/stream.out | /bin/awk {print $1} )
# I'm considering the threshold size to be 148MB; you may increase the
# frequency of the cron job while increasing the threshold size.
if [ $size -ge 151552 ]; then
cp /audit/stream.out /audit/stream.out.`date +"%F-%H-%M-%S"`
fi
exit 0
Hi, admin_xor
Thanks for your reply.
If possible best way is use audit subsystem to change the restrict of file size.
Use script to copy a stream.out to a new file (ex. stream.out.1).
It has a problem, when stream.out copy to stream.out.1 there may have some record loss..