W
Whitehill
This morning I found an alert from SuperDuper! that last night's backup had failed. The logs didn't reveal much info, so I ran it again manually - and it failed again in exactly the same way. Comparing logs, both backups died trying to copy the same file from /var/audit/. I deleted the offending file, reran the backup, and it completed normally.
After some poking around the internet, the impression I get is that auditing is not on by default - something has to turn it on, typically when something is installed or updated with administrator authorization. The oldest file in /var/audit/ is dated 5/28. From then to now, I have installed Etrecheck and updated Parallels Desktop. There were no problems (observed by me) until late last night, early this morning.
Is it true auditing is usually OFF? Why would I want it ON? Is "audit -t" the correct way to shut it down?
Continue reading...
After some poking around the internet, the impression I get is that auditing is not on by default - something has to turn it on, typically when something is installed or updated with administrator authorization. The oldest file in /var/audit/ is dated 5/28. From then to now, I have installed Etrecheck and updated Parallels Desktop. There were no problems (observed by me) until late last night, early this morning.
Is it true auditing is usually OFF? Why would I want it ON? Is "audit -t" the correct way to shut it down?
Continue reading...
