12-10-2008
sending messages from auditd logs to syslog server
I have the auditd running and I need to send the audit logs to a remote syslog server.
Any ideas on how to do that?
9 More Discussions You Might Find Interesting
1. Linux
Team,
I am very new to Unix and would like to know how to read messages in syslog and also if it is possible to export the syslog messages to a Windows server event log? Would it be possible to use scripting to achieve this?
Thanks,
Sarav (1 Reply)
Discussion started by: sarav
1 Replies
2. Red Hat
Hi All,
I need to send all apache logs to local syslog and then to syslog server (STRM – Security Threat response manager).
I follow these steps:-
vi /etc/httpd/conf/httpd.conf
Added these lines :-
ErrorLog syslog:local1
LogLevel notice
Then in syslog.conf:-
local1.crit... (3 Replies)
Discussion started by: sidhurana
3 Replies
3. Solaris
Hi gurus and gurettes (?)
Alright, really quickly, VCS-1 is executing some monitoring scripts every minute on local zones and I want to know if there is a way for me to remove the following :
Month X XX:XX:XX RaNdOmSeRvErNaMe su: 'su root' succeeded for root on /dev/???
A quick and dirty... (3 Replies)
Discussion started by: plmachiavel
3 Replies
4. Shell Programming and Scripting
I'm trying to write a Perl script where a file from a UNIX server box connects to a Windows server box and copies that file onto the Windows box.
The main problem I have right now is that whenever I try to connect to the Windows box, the connection is refused.
The error message that always pops... (2 Replies)
Discussion started by: kooshi
2 Replies
5. Linux
I found a script for automatically pushing Tomcat logs to a syslog server which is located on the same server. How do I change it to push logs to a remote server?
log4j.rootLogger=INFO, WARN, console, file, SYSLOG
log4j.appender.file=org.apache.log4j.RollingFileAppender
log4j.appender.file.append=true... (2 Replies)
Discussion started by: heshandh
2 Replies
6. Solaris
Hello all,
I've configured 'audit' service to send the audit logs to a remote log server (by using syslog plugin), which is working fine.
However, there is a problem. audit service also tries to write same information (but in binary format) in /var/audit path.
So, is there any way to stop... (2 Replies)
Discussion started by: Anti_Evil
2 Replies
7. UNIX for Dummies Questions & Answers
Hi,
there you may read some anonymous services like VPN service don't keep logs of their members' activity.
So I want to ask how I can make my personal Linux servers be without any logs of accessing IPs, hostnames.
I know there is "/var/log/lastlog", but are there any other files in default... (2 Replies)
Discussion started by: postcd
2 Replies
8. UNIX for Dummies Questions & Answers
Hello All,
Server: SUSE Linux Enterprise Server 11.3 (x86_64)
Syslog-ng Version: syslog-ng 2.0.9
We have configured a Cisco router to send its log messages to this server listed above. This has been working just perfectly
for the last couple months, but we had never setup the log... (9 Replies)
Discussion started by: mrm5102
9 Replies
9. Shell Programming and Scripting
Good afternoon all!! I am writing a shell script that will generate a random phrase to be used as a password.
this is the line I use to generate the password
echo `head -n 10 /dev/urandom | tr -cd "*+,-/:;<=>?_" | cut -c '1-'$3`
The third input in the command is the length of the password i... (6 Replies)
Discussion started by: cptkirkh
6 Replies
audit_binfile(5) Standards, Environments, and Macros audit_binfile(5)
NAME
audit_binfile - generation of Solaris audit logs
SYNOPSIS
/usr/lib/security/audit_binfile.so
DESCRIPTION
The audit_binfile plugin module for Solaris audit, /usr/lib/security/audit_binfile.so, writes binary audit data to files as configured in
audit_control(4); it is the default plugin for the Solaris audit daemon auditd(1M). Its output is described by audit.log(4).
The audit_binfile plugin is loaded by auditd if audit_control contains one or more lines defining audit directories by means of the dir:
specification or if audit_control has a plugin: specification of name=audit_binfile.so.
OBJECT ATTRIBUTES
The p_dir and p_minfree attributes are equivalent to the dir: and minfree: lines described in audit_control. If both the dir: line and the
p_dir attribute are used, the plugin combines all directories into a single list with those specified by means of dir: at the front of the
list. If both the minfree and the p_minfree attributes are given, the p_minfree value is used.
EXAMPLES
The following directives cause audit_binfile.so to be loaded, specify the directories for writing audit logs, and specify the percentage of
required free space per directory.
flags: lo,ad,-fm
naflags: lo,ad
plugin: name=audit_binfile.so;
p_minfree=20;
p_dir=/etc/security/jedgar/eggplant,
/etc/security/jedgar.aux/eggplant,
/etc/security/global/eggplant
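The loading rule under DESCRIPTION and the merge rules under OBJECT ATTRIBUTES, worked through as an added example that is not part of the man page or of Solaris itself: it reports whether audit_binfile would be loaded, which directories it writes to and in what order, and which free-space threshold applies. The function name effective_binfile_config is hypothetical, the sample audit_control text is constructed, and backslash line continuation is assumed from audit_control(4).

```python
import re

# Constructed sample modelled on the EXAMPLES section, with dir: and minfree:
# lines added so that both configuration sources are present.
# Assumption: lines are continued with a trailing backslash, per audit_control(4).
SAMPLE = r"""
flags: lo,ad,-fm
naflags: lo,ad
dir: /var/audit
minfree: 10
plugin: name=audit_binfile.so;\
p_minfree=20;\
p_dir=/etc/security/jedgar/eggplant,\
/etc/security/jedgar.aux/eggplant
"""

def effective_binfile_config(text):
    """Return (loaded, dirs, minfree) as described for audit_binfile."""
    text = re.sub(r"\\\n\s*", "", text)  # join backslash-continued lines
    dirs, p_dirs, minfree, p_minfree, named = [], [], None, None, False
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = (s.strip() for s in line.split(":", 1))
        if key == "dir":
            dirs.append(value)
        elif key == "minfree":
            minfree = int(value)
        elif key == "plugin":
            attrs = dict(a.strip().split("=", 1)
                         for a in value.split(";") if "=" in a)
            if attrs.get("name") != "audit_binfile.so":
                continue  # a different plugin; not audit_binfile's settings
            named = True
            if "p_dir" in attrs:
                p_dirs += [d.strip() for d in attrs["p_dir"].split(",") if d.strip()]
            if "p_minfree" in attrs:
                p_minfree = int(attrs["p_minfree"])
    # Loaded if any dir: line exists OR the plugin is named explicitly.
    loaded = bool(dirs) or named
    # dir: entries come first in the list; p_minfree wins over minfree.
    return loaded, dirs + p_dirs, (p_minfree if p_minfree is not None else minfree)
```

A file that names only some other plugin but still carries a dir: line comes back with loaded set to True, so binary trails are still written to that directory.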
ATTRIBUTES
See attributes(5) for a description of the following attributes:
+-----------------------------+-----------------------------+
|       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
+-----------------------------+-----------------------------+
|MT Level                     |MT-Safe                      |
+-----------------------------+-----------------------------+
|Interface Stability          |Evolving                     |
+-----------------------------+-----------------------------+
SEE ALSO
auditd(1M), audit_control(4), syslog.conf(4), attributes(5)
SunOS 5.10 20 May 2003 audit_binfile(5)