Novell LINUX ENTERPRISE SERVER 11 - SECURITY Manual page 396

NOTE: CAPP Environment
In a CAPP environment, make sure that the audit trail is always fully up to
date and complete. Therefore, set the flush parameter to sync or data.
num_logs
Specify the number of log files to keep if you have given rotate as the
max_log_file_action. Possible values range from 0 to 99. A value less than
2 means that the log files are not rotated at all. As you increase the number of files
to rotate, you increase the amount of work required of the audit daemon. While
doing this rotation, auditd cannot always service new data that is arriving from the
kernel as quickly, which can result in a backlog condition (triggering auditd to react
according to the failure flag, described in Section 30.3, "Controlling the Audit
System Using auditctl" (page 385)). In this situation, increasing the backlog limit
is recommended. Do so by changing the value of the -b parameter in the
/etc/audit/audit.rules file.
disp_qos and dispatcher
The dispatcher is started by the audit daemon during its start. The audit daemon
relays the audit messages to the application specified in dispatcher. This application
must be a highly trusted one, because it runs as root. disp_qos
determines whether you allow for lossy or lossless communication between
the audit daemon and the dispatcher. If you choose lossy, the audit daemon might
discard some audit messages when the message queue is full. These events still get
written to disk if log_format is set to raw, but they might not get through to
the dispatcher. If you choose lossless, audit logging to disk is blocked until
there is a free slot in the message queue. The default value is lossy.
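The settings discussed in the CAPP note and under num_logs and disp_qos above, collected into a small POSIX shell checker. This is an added example, not code from the SUSE guide or from the audit package. It assumes only the standard "key = value" layout of auditd.conf and the "-b N" line of audit.rules; the two sample file pairs are constructed here for the demonstration, and the minimum backlog of 8192 is an assumed site value, since the guide gives no figure.

```shell
#!/bin/sh
# Added example, not part of the SUSE guide or of the audit package: check an
# auditd.conf and an audit.rules file against the guidance on this page.
# File paths are arguments, so the checks run against constructed samples.

# Print the value of KEY from an auditd.conf-style "key = value" FILE, lowercased
# (auditd compares values case-insensitively). Prints nothing if KEY is absent.
auditd_conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p" "$1" \
        | tail -n 1 | tr 'A-Z' 'a-z'
}

# Print the kernel backlog limit given as "-b N" in an audit.rules FILE (empty if unset).
audit_rules_backlog() {
    sed -n 's/^[[:space:]]*-b[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$1" | tail -n 1
}

# Print one line per finding for CONF (auditd.conf) and RULES (audit.rules).
# MIN_BACKLOG is an assumed site minimum for -b; the guide gives no figure.
check_audit_config() {
    conf=$1; rules=$2; min_backlog=${3:-8192}

    # CAPP note: the trail must always be complete, so flush must be sync or data.
    flush=$(auditd_conf_get "$conf" flush)
    case "$flush" in
        sync|data) ;;
        *) echo "flush=${flush:-unset}: CAPP requires sync or data" ;;
    esac

    # num_logs below 2 with max_log_file_action=rotate means no rotation at all.
    action=$(auditd_conf_get "$conf" max_log_file_action)
    num_logs=$(auditd_conf_get "$conf" num_logs)
    if [ "$action" = rotate ] && [ "${num_logs:-0}" -lt 2 ]; then
        echo "num_logs=${num_logs:-unset} with max_log_file_action=rotate: logs never rotate"
    fi

    # With a dispatcher configured, the default disp_qos=lossy may drop events
    # on the way to the dispatcher once the message queue is full.
    qos=$(auditd_conf_get "$conf" disp_qos)
    if [ -n "$(auditd_conf_get "$conf" dispatcher)" ] && [ "${qos:-lossy}" = lossy ]; then
        echo "disp_qos=${qos:-lossy (default)}: dispatcher may miss events when the queue is full"
    fi

    # A small kernel backlog (-b) makes the backlog condition during rotation more likely.
    backlog=$(audit_rules_backlog "$rules")
    if [ "${backlog:-0}" -lt "$min_backlog" ]; then
        echo "-b ${backlog:-unset} in audit.rules: below the assumed minimum of $min_backlog"
    fi
    return 0
}

# Constructed sample files (not copied from any system) in DIR: a weak pair and a
# corrected pair. The dispatcher path is the one SLES 11 ships; the rest is illustrative.
write_samples() {
    cat > "$1/weak.conf" <<'EOF'
log_file = /var/log/audit/audit.log
log_format = RAW
flush = INCREMENTAL
freq = 20
num_logs = 1
dispatcher = /sbin/audispd
disp_qos = lossy
name_format = NONE
max_log_file = 5
max_log_file_action = ROTATE
EOF
    cat > "$1/fixed.conf" <<'EOF'
log_file = /var/log/audit/audit.log
log_format = RAW
flush = data
num_logs = 5
dispatcher = /sbin/audispd
disp_qos = lossless
name_format = fqd
max_log_file = 5
max_log_file_action = ROTATE
EOF
    printf '%s\n' '-D' '-b 320' > "$1/weak.rules"
    printf '%s\n' '-D' '-b 8192' > "$1/fixed.rules"
}

# Stand-alone run: report on both sample pairs.
demo_dir=$(mktemp -d)
write_samples "$demo_dir"
echo "== weak sample =="
check_audit_config "$demo_dir/weak.conf" "$demo_dir/weak.rules"
echo "== corrected sample =="
check_audit_config "$demo_dir/fixed.conf" "$demo_dir/fixed.rules"
rm -rf "$demo_dir"
```

Against a real system, call check_audit_config /etc/auditd.conf /etc/audit/audit.rules (on SLES 11 the daemon configuration lives in /etc/auditd.conf). The weak sample triggers all four findings; the corrected one triggers none. Note that the checker only reads files; it does not restart auditd, which is required for the new values to take effect.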
name_format and name
name_format controls how computer names are resolved. Possible values are
none (no name will be used), hostname (value returned by gethostname), fqd
(fully qualified hostname as returned by a DNS lookup), numeric (IP address) and
user. user is a custom string that has to be defined with the name parameter.
max_log_file and max_log_file_action
max_log_file takes a numerical value that specifies the maximum file size in
megabytes the log file can reach before a configurable action is triggered. The action