Infrastructure Software

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Massive audit log spamming

807557Jun 17 2010

I've got a Solaris system who's bsm audit logs are growing at a rate of several gigabytes per day. The contents of the logs (/var/audit/*) don't seem to be matching up to what's configured in the /etc/security/audit_control and audit_user files. As a matter of fact, I've totally cleared those files out, ran "audit -s", restarted the system, etc and the log files continue to grow.

This is what I mean by "cleared out":

bash-3.00# cat /etc/security/audit_control
dir:/var/audit
minfree:20
naflags:
flags:

Can anybody help me understand why my audit logs continue to grow when, to the best of my knowledge, it shouldn't be matching anything?

Locked Post

New comments cannot be posted to this locked post.

Locked on Jul 15 2010

Added on Jun 17 2010

#oracle-solaris, #solaris-10

0 comments

187 views