Go Back   The UNIX and Linux Forums > Top Forums > UNIX for Dummies Questions & Answers
monitoring a specific file on Tru64 monitoring a specific file on Tru64
.
google site

Forums Register Blog Man Pages Forum RulesLinksAlbums FAQ Users Calendar Search Today's Posts Mark Forums Read


UNIX for Dummies Questions & Answers If you're not sure where to post a UNIX or Linux question, post it here. All UNIX and Linux newbies welcome !!

Closed Thread
English Japanese Spanish French German Portuguese Italian Powered by Powered by Google
 
Thread Tools Search this Thread Rate Thread Display Modes
  #1 (permalink)  
Old 07-11-2007
Registered User
  

Join Date: Oct 2006
Posts: 78
monitoring a specific file on Tru64
Hello everybody:
I have a critical file on my Tru64 system, I want to monitor which users are accessing this file, can I do it with some option for "audit", or I have to use some tool??

Thanks a lot.
Sponsored Links
  #2 (permalink)  
Old 07-12-2007
Registered User
  

Join Date: Oct 2006
Posts: 78
ooops, this will sound so dummy.
It seems I overwrote some existing audit policy my system already has.
I issued the following command:

#auditmask -x /tmp/alaa

thought that will audit the file /tmp/alaa.

however I ended up finding such process running:

root 1291907 1048577 0.0 07:37:22 ?? 0:00.02 /usr/sbin/auditd -l /var/audit/auditlog -c syslog -o overwrite

so I killed this process, but when I checked the file /tmp/alaa
I fouond it full of auditing records, so now it is contains the auditing recoreds instead of being audited.

any advise??

Thanks
  #3 (permalink)  
Old 07-12-2007
jgt's Avatar
jgt jgt is offline Forum Advisor  
Registered User
  

Join Date: Apr 2007
Location: 44.21.48N 80.50.15W
Posts: 617
Do you have a backup?
  #4 (permalink)  
Old 07-12-2007
Registered User
  

Join Date: Oct 2006
Posts: 78
Yes, I have full system Backup. what files you think I should restore??

Thanks
  #5 (permalink)  
Old 07-13-2007
jgt's Avatar
jgt jgt is offline Forum Advisor  
Registered User
  

Join Date: Apr 2007
Location: 44.21.48N 80.50.15W
Posts: 617
Generally the man page will show the files that are used by the command.
Check to see which of these files has been modified recently.
  #6 (permalink)  
Old 07-13-2007
Registered User
  

Join Date: Oct 2006
Posts: 78
I checked the man pages, seems all files i need to restore.
but I have the following log message:

Quote:
Jul 12 22:01:07 billing2 vmunix: warning: /dev/audit closed (pid 1291907), but audit still enabled
what do you think??

THX
Sponsored Links
Closed Thread

Bookmarks

« Threads with pipe and select? | Combine multilpe lines with various combinations »
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes Rate This Thread
Linear Mode Linear Mode
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

More UNIX and Linux Forum Topics You Might Find Helpful
Thread Thread Starter Forum Replies Last Post
file monitoring problems Programming 1 08-24-2006 09:30 AM
File growth monitoring jeyanthan_kr Filesystems, Disks and Memory 1 05-18-2006 03:32 PM
Monitoring file in a directory pete_leon Shell Programming and Scripting 3 11-12-2005 02:30 PM
How to read specific lines in a bulk file using C file Programming rajan_ka1 Programming 10 11-10-2005 03:29 AM
file system monitoring script g-e-n-o Shell Programming and Scripting 1 04-08-2002 04:36 PM



All times are GMT -4. The time now is 06:25 AM.

The UNIX and Linux Forums - Learn UNIX and UNIX Commands RSS Feeds - Contact Us - The UNIX and Linux Forums - Learn UNIX and UNIX Commands - Archive - Top

Powered by: vBulletin, Copyright ©2000 - 2006, Jelsoft Enterprises Limited. Language Translations Powered by .
vBCredits v1.4 Copyright ©2007 - 2008, PixelFX Studios
The UNIX and Linux Forums Content Copyright ©1993-2010. All Rights Reserved.Ad Management by RedTyger

Content Relevant URLs by vBSEO 3.2.0