System Administration Guide: Security Services

Example — Cleaning Up a not_terminated Audit File

Occasionally, an audit daemon dies while its audit file is still open, or a server becomes inaccessible and forces the machine to switch to a new server. In such instances, the audit file keeps the string not_terminated as its end time, even though the file is no longer used for audit records. When you find such a file, you can manually verify that the file is no longer in use and clean it up by running auditreduce on the file with the correct options.


# audit -s
19990414121112.not_terminated.egret
# auditreduce -O egret 19990413120429.not_terminated.egret

The audit command checks the name of the current audit file. The auditreduce command creates a new audit file with the correct name, timestamps, and suffix (egret), and copies all the records into it.
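One way to pick out the stale files before running the cleanup shown above, as an added example that is not part of the original guide. The function name stale_audit_files, the flat directory layout, and the heron and closed-file names are assumptions constructed for the demonstration; the script only prints the auditreduce commands and does not run them.

```shell
#!/bin/sh
# Added example: report stale not_terminated audit files. It only prints the
# auditreduce commands; it does not run them.

# stale_audit_files DIR CURRENT
#   DIR      directory of audit files (assumption: one flat directory)
#   CURRENT  base name of the file still in use, as found with audit above
stale_audit_files() {
    dir=$1 current=$2
    cur_start=${current%%.*}
    cur_suffix=${current#*.not_terminated.}
    for path in "$dir"/*.not_terminated.*; do
        [ -f "$path" ] || continue             # glob matched nothing
        name=${path##*/}
        start=${name%%.*}
        suffix=${name#*.not_terminated.}
        # Start time must be exactly 14 digits (YYYYMMDDHHMMSS).
        case $start in ''|*[!0-9]*) continue ;; esac
        [ "${#start}" -eq 14 ] || continue
        # Files from other machines are not covered by CURRENT: skip them.
        [ "$suffix" = "$cur_suffix" ] || continue
        # Skip the open file itself and anything not older than it.
        [ "$start" -lt "$cur_start" ] || continue
        printf 'auditreduce -O %s %s\n' "$suffix" "$name"
    done
    return 0
}

# Constructed sample directory; the first two names are the ones on this page.
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/19990414121112.not_terminated.egret"   # current file
    : > "$d/19990413120429.not_terminated.egret"   # stale
    : > "$d/19990412080000.not_terminated.heron"   # other host (constructed)
    : > "$d/19990411000000.19990412000000.egret"   # already closed (constructed)
    stale_audit_files "$d" 19990414121112.not_terminated.egret
    rm -rf "$d"
}
demo
```

Only the older egret file is reported: the current file, the file from another machine, and the file that already has an end time are left alone.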