[Fed-Talk] Audit trail not closing correctly
[Fed-Talk] Audit trail not closing correctly
- Subject: [Fed-Talk] Audit trail not closing correctly
- From: Todd Heberlein <email@hidden>
- Date: Sun, 12 Oct 2008 19:23:58 -0700
To any BSM users,
On Leopard, the BSM audit trail does not properly close (involving
renaming the audit file) if you shutdown or restart your machine.
Fortunately, there is an easy work around.
For example, if when start your machine and the initial active file is:
20081013013532.not_terminated
then rebooting or shutting down the machine should result in a file
name like
20081013013532.20081013013704
But it doesn't. The ".not_terminated" is not changed to the timestamp.
It also seems to result in the machine taking a little longer to
shutdown.
To get around this, at some point before shutting own the machine
rotate the audit trail. For example,
$ sudo audit -n
This will properly terminate the old file, AND when the you shutdown
or restart your machine the new file will also be closed properly.
Todd
PS. This has been filed as bug report ID 6287390.
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden