sunhux
asked on
recommended partition size to hold auditd logs & BSM logs
If we have a need to retain (can be in zipped/gz format) BSM
(Solaris Basic Security Module), what's the sizing of the partitions
recommended?
I know it depends on the amount of activity but suppose I
currently have 2GB left, how much more to extend?
BSM is merged with auditd logs
ASKER
Refer to attached for my current utilization:
Q1:
can auditlog.1/../.9 be compressed or these 'non-readable'
files are already highly-compressed?
see /bsm_aud/auditlogs folder
Q2:
Those big files under ./bsm_aud, i.e. the
2019mmddhhmmss.SS89 files, are quite recent files
& can they be gzipped without any impact?
WLdiskutil.txt
Better to place this on one partition for "/" as trying to reserve space on a custom partition will either cause you to be short of space, losing log data, or create a massive amount of space which remains empty/unused.
ASKER
Ok, from Tivoli/other monitoring tools, guide is to have
30-35% of free disk space.
The implementation of a syslog server is fairly straightforward since it is installed by default in all distros.
You should consider an implementation that extracts the data of interest.
Rsyslog is an improvement over the syslog that is commonly installed on Solaris 10.
Do you have or use a monitoring tool? Some include a syslogger option that can receive notifications.
Since you have to retain the data for a certain duration it is hard to predict how much space you would need.
You could compress.
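An added example, not part of the thread: a shell sketch that compresses only closed BSM audit trails and sizes the partition from a daily volume, a retention period and the 30-35% free-space guidance quoted above. It assumes the standard Solaris trail naming `start.end.host`, with `not_terminated` in place of the end time for the file auditd still has open; the function names and the figures in the comments are hypothetical.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; figures are constructed.

# True if $1 is a closed audit trail that is safe to compress.
# Assumption: Solaris names trails start.end.host, and the trail that
# auditd is still writing carries "not_terminated" instead of an end time.
is_closed_trail() {
    [ -f "$1" ] || return 1
    case "${1##*/}" in
        *.not_terminated.*|*.gz) return 1 ;;   # active, or already compressed
        [0-9]*.[0-9]*.*)         return 0 ;;   # start.end.host
        *)                       return 1 ;;   # anything else is left alone
    esac
}

# gzip every closed trail in directory $1 and print how many were compressed.
compress_closed() {
    n=0
    for f in "$1"/*; do
        if is_closed_trail "$f"; then
            gzip -9 "$f"
            n=$((n + 1))
        fi
    done
    echo "$n"
}

# Partition size in MB that holds $2 days of compressed logs at $1 MB/day
# while leaving $3 percent of the partition free (result rounded up).
required_mb() {
    echo $(( ($1 * $2 * 100 + (100 - $3) - 1) / (100 - $3) ))
}

# Example: 50 MB/day compressed, 90 days retained, 30% kept free:
#   required_mb 50 90 30
```

Measure the compressed size of a few days of closed trails on the host itself to get the daily figure, since the compression ratio depends on which audit classes are enabled.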