Hi Folks,
I am using AIX audit system in bin mode, having 2 bin files configured, to be dumped into a trace file when they reach their max size (10MB). The trace file is then archived and deleted.
Sometimes the audit system just will not switch between bin files when it reaches the size limit and therefore there is no trace file created.
Then it tends to grow the bin file endlessly, but the 2GB limit is a problem.
The real question is, what can I do with huge audit bin files (over 2GIGs), which are unreadable for auditcat or auditpr commands because of the big size?
Thank in advance,
--Trifo
I am using AIX audit system in bin mode, having 2 bin files configured, to be dumped into a trace file when they reach their max size (10MB). The trace file is then archived and deleted.
Sometimes the audit system just will not switch between bin files when it reaches the size limit and therefore there is no trace file created.
Then it tends to grow the bin file endlessly, but the 2GB limit is a problem.
The real question is, what can I do with huge audit bin files (over 2GIGs), which are unreadable for auditcat or auditpr commands because of the big size?
Thank in advance,
--Trifo