Novell Audit creates 'Data' file which grows indefinitely.

  • 7005889
  • 03-May-2010
  • 11-Jun-2013

Environment

Novell Audit 2.0.2 Secure Logging Server

Situation

A Novell Audit Secure Logging Server (SLS) running on Linux perpetually writes to a file named 'Data' within the /opt/novell/naudit directory.  This file appears to have data added to it when Platform Agents connect to the SLS but the data contained are not event data from various applications sending logging data.  The file grows indefinitely and can fill the hard drive.

Resolution

Two options exist for any implementation experiencing issues with the perpetual growth of the /opt/novell/naudit/Data file.

The first option is to delete the file and replace it with a softlink pointing to /dev/null .  This causes all data sent to that file to be thrown away immediately without ever taking disk space.  This is the recommended approach.  Running the following commands as 'root' while the SLS service is stopped will make the necessary changes:

rm /opt/novell/naudit/Data
ln -s /dev/null /opt/novell/naudit/Data

Another option is to setup a scheduled job to regularly delete the file.  This does not negatively impact the SLS process or other systems on the server.  The job must be run as root due to the file's permissions.  Edit the 'root' user's crontab by running, as root, `crontab -e` and then enter the following line to delete the file hourly:

0 * * * * /bin/rm /opt/novell/naudit/Data

This has been resolved in Access Manager 3.1 SP3