The UNIX and Linux Forums  

Go Back   The UNIX and Linux Forums > Top Forums > UNIX for Dummies Questions & Answers
Reload this Page monitoring a specific file on Tru64
.
google unix.com

Forums Register Forum RulesLinksAlbums FAQ Members List Calendar Search Today's Posts Mark Forums Read



Thread: monitoring a specific file on Tru64
View Single Post in the UNIX and Linux Forums - Click on the Thread or Permalink to View Entire Thread -->
  #2 (permalink)  
Old 07-12-2007
aladdin aladdin is offline
Registered User
  
 

Join Date: Oct 2006
Posts: 78
ooops, this will sound so dummy.
It seems I overwrote some existing audit policy my system already has.
I issued the following command:

#auditmask -x /tmp/alaa

thought that will audit the file /tmp/alaa.

however I ended up finding such process running:

root 1291907 1048577 0.0 07:37:22 ?? 0:00.02 /usr/sbin/auditd -l /var/audit/auditlog -c syslog -o overwrite

so I killed this process, but when I checked the file /tmp/alaa
I fouond it full of auditing records, so now it is contains the auditing recoreds instead of being audited.

any advise??

Thanks