The max limit value for audit_size token

Document ID : KB000026660
Last Modified Date : 14/02/2018
Show Technical Document Details

Summary:

The size of audit log(seos.audit) at Endpoint of Privileged Identity Manager(a.k.a CA PIM) is limited by the audit_size token at logmgr section in the seos.ini file on UNIX or in the registry on Windows systems.

When file size reaches audit_size, seos.audit file is changed to seos.audit.bak and CA PIM creates new seos.audit file.

The token, audit_size has max limitation of 2GB.
If the file size exceeds this max value limitation of 2GB audit logging stops.

Instructions:

Important: This article contains information about modifying the registry.
Before you modify the registry, make sure to create a back up of the registry and ensure that you understand how to restore the registry if a problem may occur.

For more information about how to back up, restore, and edit the registry, please review the relevant Microsoft Knowledge Base article on support.microsoft.com.

To set the value at 2GB (2,097,151KB) or less in the audit_size token do the following:

On UNIX:
Open the sesos.ini file, which is in the CA PIM installed directory, such like /opt/CA/AccessControl.
Go to the section of the file that starts with logmgr (use the vi command /logmgr to go directly to this section).
Change the audit_size token to the file size you require, with a maximum value of 2097151 and a minimum of 50. See below:

# vi seos.ini
...
[logmgr]
...
; Minimum Value: 50KB
audit_size = 2097151


On Windows:
Edit by using the regedit application (standard on Windows operating systems, provided by Microsoft) to change the following key value.
Change the audit_size token to the file size you require, with a maximum decimal value of 2097151 and a minimum of 50.
See below:

Key name:
HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\AccessControl\logmgr
Value Name: audit_size ( DWORD )
2097151 (Decimal)
or
1fffff (Hexadecimal)