Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Enabling Solaris Audit log: Solaris 9
Operating Systems Solaris Enabling Solaris Audit log: Solaris 9 Post 302755735 by bartus11 on Monday 14th of January 2013 08:35:07 AM
Old 01-14-2013
Use praudit on /var/audit/* files.
This User Gave Thanks to bartus11 For This Post:
jim mcnamara
 

10 More Discussions You Might Find Interesting

1. Cybersecurity

Enabling C2 audit

hey guys, im going to enable C2 auditing on a sun box, i know how to do it, but im just wondering if there are any issues or problems that i may run into. this will be my first major change (since i have to reset the box) since i joined this company and i dont really wanna kill their servers, so... (2 Replies)
Discussion started by: roguekitton
2 Replies

2. Solaris

Solaris BSM audit log

I got a lot of this message in my /var/audit log how can I exclude this message? header,127,2,invalid event number,fe,hostsol1.com.sg,2007-12-21 00:10:01.001 +08:00,argument,1,0x5,processor ID,argument ,2,0x3,flag,text,P_STATUS,subject,zhang1,root,root,root,root,18228,576129155,291 131094... (1 Reply)
Discussion started by: geoffry
1 Replies

3. Solaris

audit in solaris

How do I know that audit is enabled in soalris. in AIX 'audit query' command gives me the info whether auditing is on or not. Raghav (1 Reply)
Discussion started by: raghavender_sri
1 Replies

4. Solaris

audit in solaris 10

can you please share what you use to audit what files are deleted, when files are deleted and who deleted them? thx (1 Reply)
Discussion started by: melanie_pfefer
1 Replies

5. Solaris

Audit in Solaris Servers.

Hi Friends I am a Solaries newbie and I am looking out for a software or command or config that can capture all commands run by all users on a server on a daily basis. I believe that this Audit is being done in almost all enterprises and would like to know how the same is done there. Any... (3 Replies)
Discussion started by: Hari_Ganesh
3 Replies

6. Solaris

Cron audit problem in Solaris 8

cron audit problem. job failed I’m getting problem with crontab in Solaris 8 Crontab stop and is not running for all the cron jobs under cat /var/cron/log > CMD: /var/sh/go.sh > root 24835 c Sun Sep 26 08:06:00 2010 < root 24835 c Sun Sep 26 08:06:00 2010 rc=1 ! cron audit problem.... (5 Replies)
Discussion started by: Mr.AIX
5 Replies

7. Solaris

Enabling TFTP in Solaris 10

Hi, I was trying to enable TFTP on my Solaris 10. I started with un-commenting the tftp line in /etc/inetd.conf and inetconv -i /etc/inetd.conf for tftp installation. I did reboot the server afterwards, but i still cannot find the /tftpboot directory. though the return of svcs -a | grep -i tftp... (0 Replies)
Discussion started by: A.Salama
0 Replies

8. Solaris

How to view audit logs in Solaris?

Does anyone know if there is software written to view the audit logs generated by Solaris? I am referring the the logs created by auditd. It produces an unreadable log. I am familiar with auditreduce and praudit, but I am looking for something that produces a report, much like logwatch looks at the... (4 Replies)
Discussion started by: brownwrap
4 Replies

9. Solaris

Enabling SFTP log on Solaris

Hi Guys, Hope you can shed the light to this issue. I have enabled SFTP logging on Linux this way and it works: But trying this on Solaris it wont work, the ssh goes to maintenance in when checking with svcs. The logs said a syntax error it doesn't recognize "-l" (3 Replies)
Discussion started by: batas
3 Replies

10. Solaris

Audit not working on Solaris 10

hi, I enabled bsm modules (/etc/security/bsmconv) and rebooted Solaris 10. But service is going into maintenance state. I rebooted server and I see one error saying "sys/c2audit:audit_kssl() not defined properly". I am not sure, what it is indicating and how it should be fixed. Please suggest, how... (5 Replies)
Discussion started by: solaris_1977
5 Replies

LEARN ABOUT LINUX

praudit

praudit(1M)						  System Administration Commands					       praudit(1M)

NAME

       praudit - print contents of an audit trail file

SYNOPSIS

       praudit [-lrsx] [-ddel] [filename...]

DESCRIPTION

       praudit	reads  the  listed  filenames  (or  standard input, if no filename is specified) and interprets the data as audit trail records as
       defined in audit.log(4). By default, times, user and group IDs (UIDs and GIDs, respectively) are converted to their  ASCII  representation.
       Record  type  and  event  fields  are converted to their ASCII representation. A maximum of 100 audit files can be specified on the command
       line.

OPTIONS

       The following options are supported:

       -ddel	Use del as the field delimiter instead of the default delimiter, which is the comma. If del has special meaning for the shell,	it
		must  be  quoted. The maximum size of a delimiter is three characters. The delimiter is not meaningful and is not used when the -x
		option is specified.

       -l	Print one line per record.

       -r	Print records in their raw form. Times, UIDs, GIDs, record types, and events are displayed as integers. This  option  and  the	-s
		option are exclusive. If both are used, a format usage error message is output.

       -s	Print  records	in  their short form. All numeric fields are converted to ASCII and displayed. The short ASCII representations for
		the record type and event fields are used. This option and the -r option are exclusive. If both are used,  a  format  usage  error
		message is output.

       -x	Print records in XML form. Tags are included in the output to identify tokens and fields within tokens. Output begins with a valid
		XML prolog, which includes identification of the DTD which can be used to parse the XML.

FILES

       /etc/security/audit_event       Audit event definition and class mappings.

       /etc/security/audit_class       Audit class definitions.

       /usr/share/lib/xml/dtd	       Directory containing the verisioned DTD file referenced in XML output, for example, adt_record.dtd.1.

       /usr/share/lib/xml/style        Directory containing the versioned XSL file referenced in XML output, for example, adt_record.xsl.1.

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Availability		     |SUNWcsu			   |
       +-----------------------------+-----------------------------+
       |Interface Stability	     |See below 		   |
       +-----------------------------+-----------------------------+

       The command stability is evolving. The output format is unstable.

SEE ALSO

       bsmconv(1M), audit(2), getauditflags(3BSM), audit.log(4), audit_class(4), audit_event(4), group(4), passwd(4), attributes(5)

NOTES

       This functionality is available only if the Basic Security Module (BSM) has been enabled. See bsmconv(1M) for more information.

SunOS 5.10							    6 Jan 2003							       praudit(1M)
All times are GMT -4. The time now is 04:19 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy