HP OpenVMS Systems

ask the wizard
Content starts here

Controlling Auditing and Audit Log Space?

» close window

The Question is:

We have enabled security auditing for such things as failure to create and so
 on.  We recently had a situation where a batch job was trying to create a
 directory - it failed due insufficient permission but the program had a loop
 and just keep trying again
 and again.
This filled the audit log and thus the system disk became full and the system
 became unstable.
I know we can put a wait in the loop or test $status or privilges before
 attemting the creation, or alter audit to cope but we do need to capture all
 security imformation - but there again any user could still write a program
 that causes us this problem.
I know we could write a program that would check free disk space on the system
 disk and the size the audit file is increasing and then create a new audit
 file check availabilty of free space on other disks and create a temp dir and
 copy the old audit file
 to there and email system management personell.
But this seems messy so...
Are you aware of any DCL that could check that the same sec audit event was
 being created? ie the program is in a loop?
PS we don't want to move the security file off the system disk.

The Answer is :

  OpenVMS security audiding offers various disposal operations, including
  suspending the process(es) generating the messages or discarding various
  auditing messages.  Please see the security manual for details.
  You will want to consider moving the auditing file off the system disk,
  as this can avoid problems that can arise when the system disk becomes
  filled, and as this can ease the management and predictability of your
  local disk storage resources.

answer written or last revised on ( 30-DEC-2003 )

» close window