Re: [logs] repair BSM logs

From: Wolfgang Ley - Sun Germany - Hamburg (Wolfgang.Leyat_private)
Date: Wed Dec 19 2001 - 04:12:03 PST


    Hi,
    
    > Does anybody know how to repair damaged Sun BSM audit logs enough so that
    > auditreduce will not choke on them?  Since praudit can still read the files,
    > can I somehow pull the undamaged records out and dump them back into the
    > binary format that auditreduce can work with?
    
    Most likely your audit trail isn't corrupted (otherwise praudit
    wouldn't be able to read it either). Perhaps you've hit bugid 4174308
    which makes auditreduce fail if you're also monitoring network
    events (AUT_SOCKET token).
    
    This has been fixed in Solaris 8. For older releases, make sure that
    you've installed the correct patches. For Solaris 2.6 you'll need
    patch 105181-30. For Solaris 7 one of these: 106832-01, 107117-03,
    106541-08 (or later).
    
    If these patches don't address your problem, then you should log a
    service call with Sun and ask for investigation (what exactly is broken).
    
    Bye,
      Wolfgang.
    -- 
    *******************************************************************
    Wolfgang Ley                           Enterprise Services
    Solaris Competence Center              Wolfgang.Leyat_private
    Sun Microsystems GmbH                  Tel: +49 40 251523-0
    Eiffestrasse 80                        Fax: +49 40 251523-77
    D-20537 Hamburg                        http://www.sun.de/
    -------------------------------------------------------------------
    
    