Activating auditd daemon and run PolyCenter SID

From: Chua Koon Teck <koonteck_at_singnet.com.sg>
Date: Sat, 22 Apr 1995 23:56:30 +0800 (SST)

Hi

Has anyone implemented PolyCenter Security Intrusion Detector (SID) on their
OSF system?

I have a problem which I would like to discuss in this mailing list. In
order to run the SID, the auditd daemon needs to be running. And the SID
will automatically turn on the mask to capture quite a lot of events.
This has resulted in my auditlog.xxx file increasing at the rate of
almost 30MB within one day. This is because my server is running innd
and is heavily loaded with lots of transactions such as open, write, read, etc.

My questions are:

1. Is there any way to manage the auditlog.xxx file? I read that we can
specify the -f option so as to enable auditd to overwrite the log file
when the partition reaches a certain percentage. But my log file resides
in /var/audit, which shares the filesystem with /var. How can I accurately
set a percentage?
2. Is there any way to limit the mask which is turned on by the SID?


Thank you.

Have a nice day.



Regards


Chua Koon Teck
SingNet
Singapore Telecom
Received on Sat Apr 22 1995 - 11:57:05 NZST
