Secospace eLog Fails to Obtain the Latest Logs of the HP-Unix Host After Running Properly

Publication Date:  2012-07-20 Views:  104 Downloads:  0
Issue Description
    The Secospace eLog supports the HP-Unix host of the version B.11.11 U. Querying the latest logs of the HP-Unix host in Secospace eLog fails.
?Log in to the HP-Unix host and run cd /var/log/eLog/ to navigate to the directory where the log file is stored. Run ls -l to view the log files of the current system and then run this command again after five minutes. Based on the comparison of the output results, it is found that the size of the audit log file does not increase and the date is not updated.
?Run sam to view the audit configurations of the HP-Unix host and it is found that Auditing Turned is set to OFF, which indicates that log audit is disabled.
Alarm Information
Handling Process
Install patches for the HP-Unix host. Do as follows:
1. Download the PHCO_35732 and PHCO_36562 patches from the official Web site of HP.
2. Install the downloaded patches.
3. Run swlist -l fileset -a state at the system prompt. If the following information can be found in the output result, it indicates that the patches are installed successfully.
# PHCO_35732    
  PHCO_35732.ADMN-ENG-A-MAN  configured     
  PHCO_35732.SYS-ADMIN   configured     
# PHCO_36562    
  PHCO_36562.INETSVCS-BOOT  configured     
  PHCO_36562.SAM   configured     
  PHCO_36562.SAM-ENG-A-MAN  configured     
  PHCO_36562.SAM-HELP   configured     
  PHCO_36562.UX-CORE   configured   
Root Cause
Run ls /var/sam/log/samlog at the system prompt to view the SAM logs of the HP-Unix host. The following information appears:
@!@4@1253379892@0 Executing the following command:\Cinsf > /dev/null 2>&1\Cto bind devices to Card Instance numbers.
@!@4@1253379896@0 Determine if ioscan is to be run.  If ioscan is not run at this 
time use previous ioscan output cached in $IOSCAN_OUT.
@!@4@1253379896@0 Executing the following command:\Cioscan $* > $IOSCAN_OUT\C"
Executing the following command:\C/usr/bin/kill -9 `ps -ef | /usr/bin/grep '[
a]udomon' | /usr/bin/awk '{ printf "%s ", $2 } END { print }'`\C"
Successfully turned auditing off.
The information shows that an error occurs on the SAM of the HP-Unix host, which causes the disabling of log audit.