audit_warn(8) man page - WindyHana's Solanara


System Administration Commands                                   audit_warn(8)



NAME
       audit_warn - audit service warning script

SYNOPSIS
       /etc/security/audit_warn option [arguments]

DESCRIPTION
       The  audit_warn  script  processes  warning and error messages from the
       audit service. When a  problem  is  encountered,  for  example,  during
       startup,  configuration,  processing,  or  shutdown,  the audit service
       calls audit_warn with the appropriate arguments.  The  option  argument
       specifies the type of problem.


       The  system  administrator  can specify a list of mail recipients to be
       notified when an audit_warn situation arises by defining a  mail  alias
       called  audit_warn in aliases(5). The users that make up the audit_warn
       alias are typically the audit and root users.


       The default action is to send mail to the audit_warn alias and send the
       mail message to syslog with a daemon.alert priority.


       The  system  administrator  can customize the audit_warn script for the
       site's specific needs. Care should be taken  when  updating  to  a  new
       release to resolve any changes in the release.

OPTIONS
       The following options are supported:

       allhard count

           Indicates  that  the  hard limit for all audit_binfile(7) directory
           filesystems has been exceeded count times.  To  avoid  filling  the
           mail spool directory, mail is sent only if the count is 1.


       allsoft

           Indicates  that  the  soft limit for all audit_binfile(7) directory
           filesystems has been exceeded.


       ars message

           Indicates that the Audit Remote Server experienced an error.


       auditoff

           Indicates that the kernel audit  subsystem  has  failed  while  the
           audit service is running. The audit service exits in this case.


       config message

           Indicates the audit service detected a configuration error.


       hard directory

           Indicates  that  the  hard limit for the audit_binfile(7) directory
           filesystem has been exceeded.


       hostname

           Indicates that the audit service could not find an IP address to
           associate with the local hostname. It has fallen back to using the
           "loopback" address. Audit trail translation tools might not
           translate the hostname properly. The audit service can be refreshed
           (audit -s) to retry finding an IP address.


       nostart

           Indicates that auditing could not be started because the audit
           subsystem system calls are reporting failure.


       plugin name error count text

           Indicates that an error occurred during execution of the audit
           service plugin name. To avoid filling the mail spool directory, mail
           is sent only if the count is 1. A separate count is kept for each
           error type. The text field provides the detailed error message
           passed from the plug-in. The error field is one of the following
           strings:

           load_error

               Unable to load the plugin name.


           sys_error

               The plugin name is not executing due to a system error such  as
               a lack of resources.


           config_error

               No plug-ins loaded (including the binary file plug-in,
               audit_binfile(7)) due to configuration errors (see the
               -setplugin option of the auditconfig(8) command). The name
               string is --, to indicate that no plug-in name applies.


           retry

               The plugin name reports it has encountered a temporary failure.
               For example, the audit_binfree.so plugin uses retry to indicate
               that all directories are full.


           no_memory

               The plugin name reports a failure due to lack of memory.


           invalid

               The plugin name reports it received an invalid input.


           failure

               The plugin name has reported an error as described in text.



       soft directory

           Indicates that the soft limit for  the  audit_binfile(7)  directory
           filesystem has been exceeded.
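
       The argument handling described under OPTIONS, as an added example
       that is not part of the Oracle man page or the shipped script: decide()
       maps one invocation's arguments to a message and applies the
       count-is-1 mail rule, and deliver() sends the result to syslog at
       daemon.alert and, when allowed, to the audit_warn alias. The function
       names and message wording are assumptions.

```shell
#!/bin/sh
# Added example (not the shipped script): site-specific audit_warn handling.
# decide/deliver and the message wording are assumptions of this example.

# decide OPTION [ARGS]: print "<mail|nomail> <message>" for one invocation.
decide() {
    opt=$1
    [ $# -gt 0 ] && shift
    mail=mail
    case $opt in
    allhard)  # $1 = count; mail only on the first occurrence
        [ "$1" = 1 ] || mail=nomail
        msg="hard limit exceeded on all audit directories (count $1)" ;;
    allsoft)  msg="soft limit exceeded on all audit directories" ;;
    ars)      msg="Audit Remote Server error: $*" ;;
    auditoff) msg="kernel audit subsystem failed; audit service exiting" ;;
    config)   msg="audit configuration error: $*" ;;
    hard)     msg="hard limit exceeded in $1" ;;
    soft)     msg="soft limit exceeded in $1" ;;
    hostname) msg="no IP address for local hostname; using loopback" ;;
    nostart)  msg="auditing could not be started" ;;
    plugin)   # $1 = name, $2 = error, $3 = count, rest = text
        if [ $# -lt 3 ]; then
            msg="plugin warning with too few arguments: $*"
        else
            name=$1 error=$2 count=$3
            shift 3
            [ "$count" = 1 ] || mail=nomail
            msg="plugin $name $error (count $count): $*"
        fi ;;
    *)        msg="unknown audit_warn option: $opt $*" ;;
    esac
    printf '%s %s\n' "$mail" "$msg"
}

# deliver OPTION [ARGS]: always log to syslog; mail only when decide allows.
deliver() {
    out=$(decide "$@")
    msg=${out#* }
    logger -p daemon.alert -t audit_warn "$msg"
    case $out in
    mail\ *) printf '%s\n' "$msg" | mailx -s "audit_warn: $1" audit_warn ;;
    esac
}

if [ $# -gt 0 ]; then deliver "$@"; fi
```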


FILES
       /var/adm/messages    Additional information.



ATTRIBUTES
       See attributes(7) for descriptions of the following attributes:


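       +-----------------------------+-----------------------------+
       |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
       +-----------------------------+-----------------------------+
       | Availability                | system/core-os              |
       +-----------------------------+-----------------------------+
       | Interface Stability         | See below                   |
       +-----------------------------+-----------------------------+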



       The command is Committed. The script content is Uncommitted. The
       presence and contents of /var/audit/debug are Not-an-Interface. The
       syslog and mail output is Not-an-Interface.

SEE ALSO
       logger(1),    mailx(1),   aliases(5),   audit.log(5),   syslog.conf(5),
       attributes(7), audit_binfile(7), audit(8), auditconfig(8), auditd(8)

NOTES
       This functionality is available only when the audit service is enabled.


       Hard and soft limits deal with the list of audit_binfile(7) and Audit
       Remote Server directories and the configured free space. When the
       currently active directory is filled beyond the configured free space, a
       "soft" limit is reached and the next directory in the list is tried.
       When the currently active directory space is exhausted a "hard" limit
       is reached and the next directory in the list is tried.


       See  the  pkg(7)  man  page  for  guidance  on resolving changes across
       release updates.


       If the perzone audit policy is set or perzone is not set and the  Audit
       Remote  Server  is enabled, the /etc/security/audit_warn script for the
       local zone is used for notifications from the local zone's instance  of
       the  audit  service.  If the perzone policy is not set and Audit Remote
       Server is not enabled in the local zone, all audit service  errors  are
       generated by the global zone's copy of /etc/security/audit_warn.



Oracle Solaris 11.4               6 Dec 2019                     audit_warn(8)
Copyright in the man page content belongs to the man page's authors.