Behaviour of the audit daemon

Always wanted to know how to make a clean start with nightly log rotations in Solaris audit setup.

Turns out it could't be simpler!

From the audit(1M) man page:

audit - control the behavior of the audit daemon

and a bit further down:

-s Notify the audit daemon to read the audit control file. The audit daemon stores the information internally. If the audit daemon is not running but audit has been enabled by means of bsmconv, the audit daemon is started.
-t Direct the audit daemon to close the current audit trail file and exit. Use -s to restart auditing. To disable auditing, use bsmunconv.

So the sequence should be:
1) Close current audit trail file:
audit -t
2) Do log rotation magic
3) Restart audit trail:
audit -s

How To: Confirm Link Speed for a Network Interface

Here's a one liner that is really useful when you need to quickly confirm the link speed for network interfaces on your system. The beauty of this command is that you can run it as a regular user: bash-3.00$ kstat -p | grep link_speed … [Continue reading]

Using nohup for existing processes

Most of you are probably aware with the fact that by default any processes you may have running within your session will be killed once you terminate the session. The most common example is logging onto a remote server via SSH, starting some command … [Continue reading]

Using Service Controller to confirm battery status

I've been working with a support engineer on replacing an SC battery in one of T2000 servers recently, and noticed that immediately upon rebooting a server it may not be possible to get battery and fans stats because prtdiag command wouldn't work … [Continue reading]

prstat – a great tool for process monitoring

Solaris administrators with solid Linux experience are usually installing top on their systems because of convenience. Quite a few administrators are aware of prstat but don't see benefits of using its format which somewhat differs from top. And … [Continue reading]

Welcome to 2012!

Hi all, happy New Year! Just thought I'll take a few minutes to welcome you to the new year and to thank you once again for staying with the Solaris Blog for so long! My plans for this blog are quite humble in the view of Solaris not being a … [Continue reading]

Oracle Sends a Strong Message about Sun Microsystems

Really glad to see the address Larry Ellison gave to all the Sun customers on the Oracle website: more money to develop SPARC more money to develop Solaris dramatic improvement in Sun's hardware performance through tight integration with … [Continue reading]

Share your Solaris OS experience and win a prize!

Just got an email from the Frontline Systems representative about a competition they're running at the moment. … [Continue reading]

Changing hostname in Solaris

I had to change the host name in one of Solaris zones today, and just out of curiousity looked into /etc/init.d/network script. That's how I learned a new (to me) option of the uname command, which seems to be specific to Solaris: uname -S … [Continue reading]

Solaris 10 patch return codes

Now that some of the systems I have to regularly patch are Solaris 10 ones, I have to get used to the new patch return codes which one can see when applying one of the Sun's recommended patchsets. It's similar to the Solaris 8/9 patchset installation … [Continue reading]