Sun Microsystems, Inc.
spacerspacer
spacer   www.sun.com docs.sun.com | | |  
spacer
black dot
   
A   B   C   D   E   F   G   H   I   J   K   L   M   N   O   P   Q   R   S   T   U   V   W   X   Y   Z
    
 
System Administration Commandsaudit_warn(1M)


NAME

 audit_warn - audit daemon warning script

SYNOPSIS

 /etc/security/audit_warn [option [arguments] ]

DESCRIPTION

 

The audit_warn script processes warning or error messages from the audit daemon. When a problem is encountered, the audit daemon, auditd(1M) calls audit_warn with the appropriate arguments. The option argument specifies the error type.

The system administrator can specify a list of mail recipients to be notified when an audit_warn situation arises by defining a mail alias called audit_warn in aliases(4). The users that make up the audit_warn alias are typically the audit and root users.

OPTIONS

 
allhard count
Indicates that the hard limit for all filesystems has been exceeded count times. The default action for this option is to send mail to the audit_warn alias only if the count is 1, and to write a message to the machine console every time. It is recommended that mail not be sent every time as this could result in a the saturation of the file system that contains the mail spool directory.
allsoft
Indicates that the soft limit for all filesystems has been exceeded. The default action for this option is to send mail to the audit_warn alias and to write a message to the machine console.
auditoff
Indicates that someone other than the audit daemon changed the system audit state to something other than AUC_AUDITING. The audit daemon will have exited in this case. The default action for this option is to send mail to the audit_warn alias and to write a message to the machine console.
ebusy
Indicates that the audit daemon is already running. The default action for this option is to send mail to the audit_warn alias and to write a message to the machine console.
getacdir count
Indicates that there is a problem getting the directory list from audit_control(4). The audit daemon will hang in a sleep loop until the file is fixed. The default action for this option is to send mail to the audit_warn alias only if count is 1, and to write a message to the machine console every time. It is recommended that mail not be sent every time as this could result in a the saturation of the file system that contains the mail spool directory.
hard filename
Indicates that the hard limit for the file has been exceeded. The default action for this option is to send mail to the audit_warn alias and to write a message to the machine console.
nostart
Indicates that auditing could not be started. The default action for this option is to send mail to the audit_warn alias and to write a message to the machine console. Some administrators may prefer to modify audit_warn to reboot the system when this error occurs.
postsigterm
Indicates that an error occurred during the orderly shutdown of the audit daemon. The default action for this option is to send mail to the audit_warn alias and to write a message to the machine console.
soft filename
Indicates that the soft limit for filename has been exceeded. The default action for this option is to send mail to the audit_warn alias and to write a message to the machine console.
tmpfile
Indicates that the temporary audit file already exists indicating a fatal error. The default action for this option is to send mail to the audit_warn alias and to write a message to the machine console.

ATTRIBUTES

 

See attributes(5) for descriptions of the following attributes:

ATTRIBUTE TYPEATTRIBUTE VALUE
AvailabilitySUNWcsr

SEE ALSO

 

audit(1M), auditd(1M), bsmconv(1M), aliases(4), audit.log(4), audit_control(4), attributes(5)

NOTES

 

The functionality described in this man page is available only if the Basic Security Module (BSM) has been enabled. See bsmconv(1M) for more information.


SunOS 5.9Go To TopLast Changed 28 Jan 1994

 
      
      
Copyright 2002 Sun Microsystems, Inc. All rights reserved. Use is subject to license terms.