SunSHIELD Basic Security Module Guide

Example of a Closed Audit File Name

The format of the name of a closed audit log file is shown below:


YYYYMMDDHHMMSS.YYYYMMDDHHMMSS.hostname

Here is an example:


19900320005243.19900327225351.lazy

The audit file in the example above was started on March 20, 1990, at 12:52:43 a.m. GMT. The file was closed on March 27 at 10:53:51 p.m. GMT. The name lazy at the end is the host name of the machine whose audit data is being collected.

Whenever auditd is unexpectedly interrupted, the audit file that was open at the time gets not_terminated as the end time stamp in its file name. Likewise, when a machine is writing to a remotely mounted audit file and the file server crashes or becomes inaccessible, the not_terminated end time stamp remains in the current file's name. The audit daemon then opens a new audit file and leaves the old file's name intact.
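
The following parser for the file name format above is an added example, not code from the guide. It also reports files left with the not_terminated end time stamp, which mark points where auditd was interrupted or the audit file system became unreachable. The function names, the handling of host names that contain dots, and every sample name except the guide's own are assumptions made for illustration.

```python
from datetime import datetime, timezone
from typing import NamedTuple, Optional

STAMP = "%Y%m%d%H%M%S"          # YYYYMMDDHHMMSS, GMT
OPEN_MARK = "not_terminated"    # end field of a file that was never closed


class AuditFileName(NamedTuple):
    start: datetime
    end: Optional[datetime]     # None when the end field is not_terminated
    hostname: str


def _stamp(field: str) -> datetime:
    # Enforce the fixed 14-digit width before handing the field to strptime.
    if len(field) != 14 or not field.isdigit():
        raise ValueError(f"bad time stamp field: {field!r}")
    return datetime.strptime(field, STAMP).replace(tzinfo=timezone.utc)


def parse_audit_name(name: str) -> AuditFileName:
    # Split on the first two dots only (assumption: a host name may contain dots).
    parts = name.split(".", 2)
    if len(parts) != 3 or not parts[2]:
        raise ValueError(f"not start.end.hostname: {name!r}")
    start_field, end_field, host = parts
    start = _stamp(start_field)
    end = None if end_field == OPEN_MARK else _stamp(end_field)
    if end is not None and end < start:
        raise ValueError(f"end precedes start: {name!r}")
    return AuditFileName(start, end, host)


def unterminated(names):
    """Return the names whose end field is not_terminated, oldest first."""
    parsed = [(parse_audit_name(n), n) for n in names]
    parsed.sort(key=lambda pair: pair[0].start)
    return [n for p, n in parsed if p.end is None]


# Constructed sample listing; only the first name comes from the guide.
SAMPLE = [
    "19900401000000.not_terminated.lazy",
    "19900320005243.19900327225351.lazy",
    "19900327225351.not_terminated.lazy",
]

if __name__ == "__main__":
    for name in unterminated(SAMPLE):
        print("never closed:", name)
```
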