I've successfully run a script every week for months to dump and clear user audits (we're running autoboot so we have shared IDs). For the last two weeks, the script has only dumped some of the audit records and terminated with an e0000010 on the primary ID. This is apparently an error due to an invalid date/time so perhaps there's a machine somewhere with "Invalid date/time. Clock is reporting a time before 1992 or after 2038". Even though the error is thrown, the log is still cleared; i.e. the rest of the audit records are simply discarded. Luckily we don't care about autoboot user ID audits!
Is there anything I can do about this such as finding the source of the error. I'm concerned because there are user ID audit logs we will eventually want to dump and clear but we can't do that if we can't trust the DumpUserAudit command not to blow up and throw away data.
What do you mean by primary and shared user ID's? Do you use DumpUserAudit for each object (user name) and keep audit (-clear:false) and use -cleardaysold to control trimming audit logs?
We have 10 autoboot IDs defined because we were told that the system would use all of them -- it appears as if only the first one is used in almost all cases. Put another way, all machines autoboot using the same login ID. As you can imagine, with over 10K machines, the audit log gets large quickly.
The script does a dump on the ID group for the autoboot IDs with Clear:True.
Then change your way of clearing audit logs. Perform it on per user object and use option to leave events newer than certain number of days.
For those user objects which fail audit clear, you need to look more closely.
if you are getting an "object not found" error when trying to dump entries, try running the CleanUpUserGroup sbadmcl command on tht group, then dump the group again.
I have a separate group with an object not found and I was planning to try your suggestion (I've only recently discovered the existence of that command.)
This is a separate problem -- my assumption is that one or more machines have set their clocks outside the range the server understands but I cannot think of how to find them, since the dump command fails.
BTW, I find it amusing (in a black humour way) that the scripting manual says all these corruption problems were fixed in release 4!