 | | | what is /var/log/audit.d/save.* files????? | what is /var/log/audit.d/save.* files????? 2005-03-10 - By Jerry Uanino
Back
check out the aucat and augrep commands. That reads from those files.
it's nifty.
On Thu, 10 Mar 2005 19:14:09 +0100, Helmut Wirth <wirth@(protected)> wrote:
> mcclnx mcc wrote:
> >
> > We have AS 3.0 UP4 installed. I found there have lots
> > file under /var/log/audit.d take space.
> >
> > Can anyone tell me
> > 1. what are "save.*" and "bin.*" doing?
>
> look at the description of the LAUS system, i found "man 7 laus" a good
> startpoint. Basically the bin.* files are the working files in which the
> audit daemon logs his data, the save.* files are backups from older
> bin.* files
>
> >
> > 2. Is it required?
> >
>
> Depends how you answer the question "do i need system auditing?". I for
> my behalf (we run production webservices on rhel3) answered "no" (to find
> your answer, read the man pages i mentioned before)
>
> > 3. Can I turn it off?
> >
>
> Yes:
>
> 1) turn off the audit daemon
> /sbin/service audit stop
> /sbin/chkconfig --level 235 audit off
> 2) disable the kernel audit device in modules.conf:
> alias char-major-10-224 off
>
> after that depmod -a
>
> Ciao,
> --
> Helmut Wirth
>
> wirth@(protected)
> -- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---
> bison GmbH phone +49 89 / 50 03 91-14
> Planegger Str. 16 fax +49 89 / 50 03 91-17
> D-82110 Germering http://www.bison-soft.de/
> -- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---
>
> --
> Taroon-list mailing list
> Taroon-list@(protected)
> http://www.redhat.com/mailman/listinfo/taroon-list
>
--
Taroon-list mailing list
Taroon-list@(protected)
http://www.redhat.com/mailman/listinfo/taroon-list
Earn $52 per hosting referral at Lunarpages.
|
|
|