dumpauditlog

Description

This command dumps the contents of the audit log to a file on the current configuration node. It also clears the contents of the audit log. This command is logged as the first entry in the new audit log.

Audit log dumps are automatically maintained in the /dumps/audit directory. The local file system space is used by audit log dumps and is limited to 200 MB on any node in the cluster. The space limit is maintained automatically by deleting the minimum number of old audit log dump files so that the /dumps/audit directory space is reduced below 200 MB. This deletion occurs once per day on every node in the cluster. The oldest audit log dump files are considered to be the ones with the lowest audit log sequence number. Also, audit log dump files with a cluster ID number that does not match the current one are considered to be older than files that match the cluster ID, regardless of sequence number.

Other than by running dumps (or copying dump files among nodes), you cannot alter the contents of the audit directory. Each dump file name is generated automatically in the following format:

auditlog_firstseq_lastseq_timestamp_clusterid

The audit log entries in the dump files contain the same information as displayed by the svcinfo catauditlog command; however, the svctask dumpauditlog command displays the information with one field per line. The svcinfo lsauditlogdumps command displays a list of the audit log dumps that are available on the nodes in the cluster.