You need to chisel down on the events that you are auditing using the BSM. Locate the audit_control file in /etc/security and it should look something like this:

    dir:/var/audit
    flags:
    minfree:
    naflags:lo

The "flags" field should only contain something along these lines:

    flags:lo

Check your audit_class file in the same directory and write down all of the other two-letter acronyms for the other flag fields. All but the "lo" should be put in the "naflags" field:

    naflags:fc,pc,fm,fa,fw,fr,cl,ap,io,ad,fc,fd,ex,ot,no,nt,ip

By default, when you enable BSM by running bsmconv, the system will add an entry to the "audit_user" file that will look something like this:

    root:always audit flags:

Simply delete that line and save the changes. All you need to do from that point is stop and start the audit daemon. Do this by issuing "/etc/rc2.d/S99audit restart".

What you have essentially done here is minimalized the auditing to login failures and successes via the "flags" field in the audit_control file. Unless you are mandated to run a C2 system then you should not require any of the other flags.

-----Original Message-----
From: Ohler Thorsten [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 01, 2002 8:10 AM
To: [EMAIL PROTECTED]
Subject: Sensor on Solaris/ BSM

Hello,

Can anybody help me? I have got a problem with sensors on Solaris computers. When I run the daemon on this machine, for example an application server, the daemon stops or the machine crashes after a period of time. When I look into the var directory there is a file which is very large: after 30 minutes, 240MB. Is there a problem with the BMI module, which logs into this directory? How do I configure the daemon or the BMI (Basic Security Module) which is installed with the daemon, so that the sensor works?

--
Yours sincerely
Thorsten Ohler (Business Informatics student)
Company: SVI GmbH Stuttgart
Department: ZS3 (Systems Management)
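
Added example, not part of the original messages: a small shell check that lists which classes an audit_control field enables beyond "lo" and which audit_user entries carry always-audit flags, the two places the reply above says to trim. The function names and the sample file contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Sample file contents here are constructed, not taken from a real host.

# Print each class listed in one audit_control field ("flags" or "naflags")
# other than lo, one per line. The +, - and ^ prefixes are stripped.
extra_classes() {   # usage: extra_classes FIELD FILE
    awk -F: -v field="$1" '
        $1 == field {
            n = split($2, cls, ",")
            for (i = 1; i <= n; i++) {
                c = cls[i]
                gsub(/[ +^-]/, "", c)
                if (c != "" && c != "lo") print c
            }
        }' "$2"
}

# Print each user in audit_user (username:always:never) whose always-audit
# field is non-empty; such an entry adds to the system-wide "flags" setting.
users_with_always_flags() {   # usage: users_with_always_flags FILE
    awk -F: '!/^#/ && NF >= 2 && $2 != "" { print $1 }' "$1"
}

# Write constructed sample files into DIR for the demonstration below.
write_sample() {   # usage: write_sample DIR
    printf '%s\n' 'dir:/var/audit' 'flags:lo,fr,fw,ex' 'minfree:20' \
        'naflags:lo' > "$1/audit_control"
    printf '%s\n' '# constructed sample entry' 'root:lo,ad:no' \
        > "$1/audit_user"
}

tmp=$(mktemp -d)
write_sample "$tmp"
echo "flags beyond lo:        $(extra_classes flags "$tmp/audit_control" | tr '\n' ' ')"
echo "users with always flags: $(users_with_always_flags "$tmp/audit_user" | tr '\n' ' ')"
rm -rf "$tmp"
```

On a real host the two functions would be pointed at /etc/security/audit_control and /etc/security/audit_user; empty output from both means only login events are selected.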
