logmgr

In the [logmgr] section, the tokens control the behavior of the logging facility.
capamsc141
In the [logmgr] section, the tokens control the behavior of the logging facility.
  • audit_back
    Specifies the name of the audit log backup file. Only
    PAM Server Control
    can write to this file. Users can have READ access only to this file.
    Default:
    ACInstallDir
    /log/seos.audit.bak
  • audit_group
    Specifies the group that can read the audit logs. If you set this token to
    none
    , only root can read the audit logs.
    PAM Server Control
    does not verify the value of this token. If you enter an invalid group name, the product does not assign any group permissions to the audit log files.
    To change the group ownership of an existing audit log file, complete the following steps:
    Use the selang command chgrp to set the group ownership of the files.
    Change the UNIX permissions by entering the following command:
    chmod 640 ACInstallDir/log/seos.audit
    Default:
    none
  • audit_log
    Specifies the name of the audit log file. When this file reaches the size that is specified in
    audit_size
    ,
    PAM Server Control
    does the following actions:
    • Closes the file
    • Renames it with the name in
      audit_back
    • Creates an audit log. Only
      PAM Server Control
      can write to this file. Users can have READ access only to this file.
      Default:
      ACInstallDir
      /log/seos.audit
  • audit_max_files
    Defines the maximal number of audit log backup files accumulates when it performs date-triggered backups. When the BackUp_Date configuration setting is set to anything other than
    none
    , continuously accumulates date-triggered backup files. This configuration setting lets you reduce disk space uses for audit log backups. When the number of audit log backup files reaches the limit that you set,
    PAM Server Control
    deletes the oldest backup file when it creates the newest.
    Values:
  • 0
    keep all audit log backup files.
    1. n
      a positive integer greater than zero.
    Note:
    You cannot remove redundant audit log backup files manually because
    PAM Server Control
    protects these files automatically. Also, if the audit reporting is enabled, 
    PAM Server Control
    does not delete a backup file until the Report Agent finishes processing it.
    Default:
    0
  • audit_size
    Specifies the maximum size, in KB, of the audit log file.
    Minimum value: 50 KB
    Default:
    10240
    stops writing audit records to the audit file when the audit file size exceeds 2 GB.
  • BackUp_Date
    Specifies the criterion by which
    PAM Server Control
    backs up the audit log file, and if it adds a timestamp to the backup file name.
     
    always
    backs up the audit log file when it reaches the size specified in the audit_size configuration setting.
    Values:
    none, yes, daily, weekly, monthly
    • yes:  backs up the audit log file when it reaches the size that is specified in audit_size and adds a timestamp to the backup file name.
    • none:  backs up the audit log file when it reaches the size that is specified in audit_size and does not add a timestamp to the backup file name.
    • daily, weekly, monthly:  backs up the audit log file whenever the specified interval has elapsed
      and
      when it reaches the size that is specified in audit_size, and adds a timestamp to the backup file name. However, if no audit events are written to the audit log file in the specified interval,
      PAM Server Control
      does not back up the file after the interval elapses.
      Note:
        counts the specified interval from the time that it creates the first audit log file, and backs up the file at midnight on the appropriate day.
    Example:
    The configuration setting has a value of weekly and 
    PAM Server Control
    creates the audit log file at 9:00 a.m. Friday 1 April. Many audit events occur this week and the audit log file exceeds the audit_size configuration setting on Monday 4 April. 
    PAM Server Control
    backs up the audit log file on 4 April and adds a timestamp to the backup file name. A week after the audit log file was first created, at midnight Friday 8 April, the product again backs up the audit log file and adds a timestamp to the backup file name.
    Default:
    NONE
  • error_back
    Specifies the name of the error log backup file.
    Default:
    ACInstallDir
    /log/seos.error.bak
  • error_group
    Specifies the group that can read the error log files. If you set this token to
    none
    , only root can read the error log files. The product does not verify the value of this token. If you enter an invalid group name, the product does not assign any group permissions to the error log files.
    To change the group ownership of an existing error log file, complete the following steps:
    Use the selang command chgrp to set the group ownership of the files.
    Change the UNIX permissions by entering the following command:
    chmod 640 ACInstallDir/log/seos.audit
    Default:
    none
  • error_log
    Specifies the name of the error log file. When this file reaches the size that is specified in
    error_size
    PAM Server Control
    does the following actions:
    •  Closes the file
    •  Renames it with the name in
      error_back
    •  Creates an error log. Only
      PAM Server Control
      can write to this file.
      Default:
      ACInstallDir
      /log/seos.error
  • error_size
    Defines the maximum size, in KB, of the error log file.
    Limits:
    A minimum value of 50 KB.
    Default:
    50
  • irecorder_audit
    Specifies whether the IR API library routes audit events of existing PMDs in addition to the local security daemon audit events.
    all - routes audit events of Policy Models in addition to the local security daemon audit events.
    localhost - routes audit events of the local security daemon only.
    Default:
    all
  • logconnected
    Prevents TCP-CONNECTED records from being written to the audit log.
    Set logconnected to No to use this feature.
    Default:
    no