Differences

This shows you the differences between two versions of the page.

--- howto:rollover_security_audit_journal_file [2023/04/07 15:00] – williams
+++ howto:rollover_security_audit_journal_file [2025/11/04 22:33] (current) – mmacgregor
@@ Line 18: / Line 18: @@
 . Create a new version of the SECURITY.AUDIT$JOURNAL logfile:
+NOTE: This section has two pieces, if the first doesn't work, try the second:
 <code>
@@ Line 26: / Line 28: @@
 $ SET PROCESS /PRIVILEGE=(NOSYSPRV,NOSECURITY)
 </code>
+<code>
+$ DIR SYS$MANAGER:SECURITY.AUDIT$JOURNAL/SIZE=ALL
+Directory SYS$COMMON:[SYSMGR]
+SECURITY.AUDIT$JOURNAL;2
+/1024096
+SECURITY.AUDIT$JOURNAL;1
+                     1023847/1023856
+Total of 2 files, 1023849/2047952 blocks.
+</code>
+Notice the second file is the same size as the original. Instead use:
+<code>
+$ SHOW RMS
+$ SET RMS /EXTEND=10000 /SYSTEM
+$ SET AUDIT /SERVER=NEW
+$ SET RMS /EXTEND=original-value-from-above /SYSTEM
+$ DIR SYS$MANAGER:SECURITY.AUDIT$JOURNAL/SIZE=ALL
+Directory SYS$COMMON:[SYSMGR]
+SECURITY.AUDIT$JOURNAL;3
+/10000
+SECURITY.AUDIT$JOURNAL;2
+/16
+SECURITY.AUDIT$JOURNAL;1
+                     1023847/1023856
+Total of 3 files, 1023849/1033872 blocks.
+</code>
+Notice that the second version closed small and third version started at 10,000 blocks.
 . Purge old file versions to free up space -- keep as many recent versions as you like, but consider whether you'll ever actually need to investigate events in those older files (it hardly ever happens, but again, YMMV).