Auditing events


 
# 1  
Old 07-21-2009
Auditing events

Hi there,

I want to enable auditing for the following events in a critical AIX UNIX server by editing the /etc/syslog.conf file:

Authentication events (login success, login failure, logout)
Privilege use events (change to another user etc.)
System state events (shutdown, reboot)
Batch events (execution of batch processes)
Clock/Time Setting Change
Syslog Messages Cleared
User Account Administration

For testing purposes, I want to turn off all other events but for the ones listed above. Please let me know how it's done.

Thanks,
V

Last edited by zaxxon; 07-21-2009 at 10:07 AM.. Reason: Changed title into something senseful
# 2  
Old 07-21-2009
I guess you know this one already?
Howto configure AIX syslogd (/etc/syslog.conf)

Syntax of syslog.conf is widely explained on the web by lots of examples etc.

Also for the other things you want, you might want to have a look into Auditing:
IBM Redbooks | Accounting and Auditing on AIX 5L