Forum topic is Sun Solaris, seems likely that's the OS the O/P is using?
I wasn't going to try and answer this one as I'm not that familier with audit, but now the thread is no longer in 'unanswered' state, I'll have a go
You can use audit -n to trigger the creation of a new audit file, the old one can then be archived/deleted/whatever as you please.
A suitable logadm.conf line to handle this would be:
I got a lot of this message in my /var/audit log
how can I exclude this message?
header,127,2,invalid event number,fe,hostsol1.com.sg,2007-12-21 00:10:01.001 +08:00,argument,1,0x5,processor ID,argument
,2,0x3,flag,text,P_STATUS,subject,zhang1,root,root,root,root,18228,576129155,291 131094... (1 Reply)
Hi guys,
I've googled this quite a bit, and tried searching on these forums, but haven't found a solution to my problem. I wanted to inquire about AIX's audit subsystem - more specifically, how to rotate its log file.
So far I've been able to find how to rotate AIX syslog log files, and I... (2 Replies)
hi all,
i have enabled audit in our server it is working fine,but now i want to reduce the space with out removing audit.i.e..i want to delete some lines from audit file. here if i use vi editer, audit is not geting up.
i want to delete the data i.e..logs for every 6 days in audit file
plz... (3 Replies)
Hi,
I keep encountering events in the BSM/C2 logs which shows that the audit-user who performed the event is the user (e.g. ongkk in the example below). However, the user is able to show me that he wasn't logged in at that time nor have the rights to perform the event (e.g. su in this example).... (5 Replies)
I am aware that the timestamps of the audit log files are in the following format :
file, 2011-09-13 07:40:24 .000 -4
Is there anyway that I can display the timestamps in local time format.
Thanks for the help.
---------- Post updated at 02:18 PM ---------- Previous update was at 01:06... (0 Replies)
How do i find if audit logs is secured inside Solaris 10?
· Verify that that audit log files are secured and owned appropriately.
this is the question (1 Reply)
Dear All
When I start the AIX(6100-06)audit subsystem.
the log will save in /audit/stream.out (or /audit/trail), but in default when /audit/stream.out to grow up to 150MB.
It will replace the original /audit/stream.out (or /audit/trail).
Then the /audit/stream.out become empty and... (2 Replies)
Hi,
I'm fairly new to administering RedHat (or any Linux system for that matter), and was wondering if someone could help me work out how to best manage audit logs.
In a nutshell, this is what I need to do:
- Compress audit.log file(s) once a month and delete the originals
- The... (0 Replies)
Dear users,
I have SLES 11 and SLES 10 servers.
I'd like to receive an alert when audit log files reach certain percentage of full.
1. Is '/etc/audit/auditd.conf' the right file to modify?
2. I'd like to receive email alert. Can I specify my email in this parameter 'action_mail_acct... (1 Reply)
I am trying to parse the audit log to find a particular date that associated with a user record. The Date and the context of the record that I need to extract from the audit.log are 11-07-2015, the username and the activity he or she performed that day.
Here is my code:
grep -c date -d... (3 Replies)
Discussion started by: dellanicholson
3 Replies
LEARN ABOUT SUNOS
delete-audit-module
asadmin-delete-audit-module(1AS) User Commands asadmin-delete-audit-module(1AS)NAME
create-audit-module - removes the named audit-module
SYNOPSIS
delete-audit-module --user admin_user [--password admin_password] [--host localhost] [--port 4848] [--secure|-s] [--passwordfile filename]
[--terse=false] [--echo=false] [--interactive=true] audit_module_name
Removes the named audit module. This command is supported in remote mode only.
OPTIONS --user authorized domain application server administrative username.
--password password to administer the domain application server.
--host machine name where the domain application server is running.
--port port number of the domain application server listening for administration requests.
--secure if true, uses SSL/TLS to communicate with the domain application server.
--passwordfile file containing the domain application server password.
--terse indicates that any output data must be very concise, typically avoiding human-friendly sentences and favoring well-
formatted data for consumption by a script. Default is false.
--echo setting to true will echo the command line statement on the standard output. Default is false.
--interactive if set to true (default), only the required password options are prompted.
OPERANDS
audit_module_name name of the audit module to be deleted.
Example 1: Using delete-audit-module
asadmin> delete-audit-module --user admin1
--password adminadmin1 --host pigeon --port 5001 sampleAuditModule
Command delete-audit-module executed successfully
EXIT STATUS
0 command executed successfully
1 error in executing the command
asadmin-create-audit-module(1AS), asadmin-list-audit-modules(1AS)J2EE 1.4 SDK March 2004 asadmin-delete-audit-module(1AS)
08-25-2009
