After creating new Audit and Tracking files in Top Secret, how do you perform validation/test that the new audit files are working as required?
Release : 16.0
After creating the new files, doing a temporary shutdown and restart of Top Secret pointing to the new files, generate some events (ie violations and/or audited events), then run TSSUTIL against the new audit files with:
to make sure the events show up in the TSSUTIL report. Once the first audit file fills up, there should be a
TSS9203I SWITCHED TO AUDIT/TRACKING OUTPUT FILE dddddddd
message indicating it switched to the other audit file.