The Question is:
We have enabled security auditing for such things as failure to create and so
on. We recently had a situation where a batch job was trying to create a
directory - it failed due insufficient permission but the program had a loop
and just keep trying again
This filled the audit log and thus the system disk became full and the system
I know we can put a wait in the loop or test $status or privilges before
attemting the creation, or alter audit to cope but we do need to capture all
security imformation - but there again any user could still write a program
that causes us this problem.
I know we could write a program that would check free disk space on the system
disk and the size the audit file is increasing and then create a new audit
file check availabilty of free space on other disks and create a temp dir and
copy the old audit file
to there and email system management personell.
But this seems messy so...
Are you aware of any DCL that could check that the same sec audit event was
being created? ie the program is in a loop?
PS we don't want to move the security file off the system disk.
The Answer is :
OpenVMS security audiding offers various disposal operations, including
suspending the process(es) generating the messages or discarding various
auditing messages. Please see the security manual for details.
You will want to consider moving the auditing file off the system disk,
as this can avoid problems that can arise when the system disk becomes
filled, and as this can ease the management and predictability of your
local disk storage resources.