02-22-2007
Quote:
Originally Posted by simquest
I'm looking for a software to capture my systems logs, and bsm (basic security module) logs to centralise the administration. Do you have a suggestions. Opensource or not.
If you are using Solaris 10 you can use the
audit_syslog(5) plugin to forward your audit events to syslog, and then you can send them to your regular syslog server.
For more information, see
http://auditanalyzer.com/auditing/solaris/#syslog
9 More Discussions You Might Find Interesting
1. Programming
I have a C program and want to write messages to a log. BSM is being used for O/S auditing. Can I write my messages to the BSM log? If so, how do I do that? I'm not finding any API's for that. Any URLs, samples, guidance would be appreciated. (0 Replies)
Discussion started by: JDO
0 Replies
2. UNIX for Dummies Questions & Answers
Hi Guys,
I am new to this forum so I am sorry if i posted this thread in the wrong place. I am currently trying to get BSM to work on solaris 10 by Logging few things for me. I need your help to complete this task please.
this is the config of the audit files:
audit_conto
# Copyright... (18 Replies)
Discussion started by: skywalker850i
18 Replies
3. Solaris
I got a lot of this message in my /var/audit log
how can I exclude this message?
header,127,2,invalid event number,fe,hostsol1.com.sg,2007-12-21 00:10:01.001 +08:00,argument,1,0x5,processor ID,argument
,2,0x3,flag,text,P_STATUS,subject,zhang1,root,root,root,root,18228,576129155,291 131094... (1 Reply)
Discussion started by: geoffry
1 Replies
4. Cybersecurity
Hi,
I keep encountering events in the BSM/C2 logs which shows that the audit-user who performed the event is the user (e.g. ongkk in the example below). However, the user is able to show me that he wasn't logged in at that time nor have the rights to perform the event (e.g. su in this example).... (5 Replies)
Discussion started by: BERNIELEE68
5 Replies
5. Solaris
Does anyone know of any other place to download Solaris 9 packages other than Oracle's website. I'm looking to setup Solaris 9 containers and needing package
SUNWs9brandk. I don't have a account with Oracle to allow me to download this package. I'm using a Solaris 10 server update 9. (1 Reply)
Discussion started by: soupbone38
1 Replies
6. Solaris
Hi ,
I don't want logs from a particular "library" to get recorded in the audit.log file. Is that possible with BSM? Please guide.
Thanks. (2 Replies)
Discussion started by: chinchao
2 Replies
7. Solaris
New to Solaris in general (coming from a RHEL background) I'm trying to enable auditing on the system with the following in /etc/security/audit_control:
But there are two areas where it seems to break with expected behavior (maybe it's poor expectations on my part):
1) it seems to be... (0 Replies)
Discussion started by: thmnetwork
0 Replies
8. Solaris
Solaris 9 system:
I'm trying to get BSM to record to the point where additional files being put into /etc/opt/csw/sudoers.d will be recorded but thus far all I'm able to get are when files are deleted (via unlink). I've even tried auditing based on the "all" audit flag temporarily (thinking I... (2 Replies)
Discussion started by: thmnetwork
2 Replies
9. Solaris
Hi all,
I'm trying to read Solaris BSM log in user friendly form. Found old tools including bsmparser java tool and php code. But none of them working. What are you using for parsing BSM log? (2 Replies)
Discussion started by: sembii
2 Replies
LEARN ABOUT DEBIAN
mrtg-ping-probe
MRTG-PING-PROBE(1) General Commands Manual MRTG-PING-PROBE(1)
NAME
mrtg-ping-probe - ping probe module for Multi Router Traffic Grapher
DESCRIPTION
mrtg-ping-probe is a ping probe module for MRTG 2.x. It is used to monitor the round trip time and packet loss to networked devices. MRTG
uses the output of mrtg-ping-probe to generate graphs visualizing minimum and maximum round trip times or packet loss.
mrtg-ping-probe is not run directly, but is called by MRTG as a helper when it needs to determine ping time to a host.
Act responsibly: do not use mrtg-ping-probe to ping devices without the owner's permission. Just imagine if 10,000 people decided to ping
your hosts! mrtg-ping-probe is meant to be used within your network to get round trip time performance figures for your network.
OPTIONS
To use mrtg-ping-probe you need to configure MRTG to call it from within the definition of a target host. This is done in the MRTG config
file, which is usually /etc/mrtg.conf.
Here's an example snippet: change the target name and IP address to suit your needs.
Target[your.target.ping]: `/usr/bin/mrtg-ping-probe 123.456.789.123`
SetEnv[your.target.ping]: MRTG_INT_IP="123.456.789.123" MRTG_INT_DESCR="ping"
MaxBytes[your.target.ping]: 100
AbsMax[your.target.ping]: 200
Options[your.target.ping]: gauge, growright
YLegend[your.target.ping]: ping time (ms)
ShortLegend[your.target.ping]: ms
Legend1[your.target.ping]: Maximum Round Trip Time in ms
Legend2[your.target.ping]: Minimum Round Trip Time in ms
Legend3[your.target.ping]: Maximal 5 Minute Maximum Round Trip Time in ms
Legend4[your.target.ping]: Maximal 5 Minute Minimum Round Trip Time in ms
LegendI[your.target.ping]: Max:
LegendO[your.target.ping]: Min:
Pay close attention to the backticks in the first line which tell MRTG to execute the nominated external program. Note also that you need
to use the "gauge" option, since the results of subsequent ping probes are independant values and not an incrementing counter.
SEE ALSO
mrtg(1).
The latest release of mrtg-ping-probe can be found on the web at http://pwo.de/projects/mrtg/
AUTHOR
This manual page was written by Jonathan Oxer <jon@debian.org>, for the Debian project (but may be used by others).
April 14, 2003 MRTG-PING-PROBE(1)