Next | Prev | Up | Top | Contents | Index
Removing Audit Data
Since the audit trail is stored in ordinary system files, once it has been archived, audit trail files can be safely removed. If you enter the df command (disk free) and determine that the filesystem containing your audit trail is more than 90 percent full, you should remove old audit files. If your audit files are kept in /var/adm/sat, enter the command
df -k /var/adm/sat
The output should be similar to this:
Filesystem Type blocks use avail %use Mounted on
/dev/root efs 245916 218694 27222 89% /
In this example, the file system is 89 percent full, and the auditor should archive and remove audit trail files.
Next | Prev | Up | Top | Contents | Index