James wrote:
> Hi all,
>
> I turned on audit on one AIX server
>
> $ more /etc/security/audit/config
> start:
> binmode = on
> streammode = off
>
> bin:
> trail = /audit/trail
> bin1 = /audit/bin1
> bin2 = /audit/bin2
> binsize = 65536
> cmds = /etc/security/audit/bincmds
> freespace = 327680
> ...
>
> 1. /audit is 2G
> 2. I set binmode to "on" instead of "panic" since I do not want my
> server hang
> when no more audit space
> 3. My question is that if there is no more space for audit, what will
> happen?
> /audit/trail file will get wrapped up from the beginning? audit
> daemon will
> fail? or else?
>
> Many thanks,
>
> James

the daemon will continue to run, but will stop logging information.
the trail file should have valid info up until the point when the
filesystem got full.
the bin files will become corrupt.
you'll have to stop audit daemon, remove bin files, move trail file
elsewhere or truncate it or otherwise create more room in the
filesystem, then restart audit daemon.