Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Aix 5.3 Audit issue - not orking properly
Operating Systems AIX Aix 5.3 Audit issue - not orking properly Post 302463975 by kmvinay on Tuesday 19th of October 2010 02:52:18 AM
Old 10-19-2010
Aix 5.3 Audit issue - not orking properly

Hello Friends,
I had enabled the audit and configured for sysadmin user alone in audit config file. but the audit starts logging for root user alone.

Attached the conf file. I want the aduit to record only for sysadmin activities..

need your expertise and help in solving the issue.
audit conf.txt (319 Bytes) 
Last edited by kmvinay; 10-20-2010 at 07:44 AM.. Reason: spell mistake
 

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

awk issue on AIX

Hi, two teams at two locations - A & B. At location A, we have AIX 5.3 and at location B, we have AIX 5.1. We execute the below awk command in loc A and it executes successfully(part of a larger script). But the same does not get executed in the loc B server. We are not able to access the loc B... (1 Reply)
Discussion started by: ranj@chn
1 Replies

2. AIX

AIX audit users activity

Is there a tool or application the will audit users activity? I've tryed to use audit the comes with AIX but to gathers so much information it is near impossible to see what they are doing. I just want to monitor logins and and files they create or change. (9 Replies)
Discussion started by: daveisme
9 Replies

3. AIX

How to apply aix 5.3 TL8 properly on ML5 aix system ?

Is it necessary to put system into single user mode for applying aix 5.3 TL8 on a aix 5.3.5.0 system ? Is the TL8 installation not totally safe ? thank you. (6 Replies)
Discussion started by: astjen
6 Replies

4. AIX

tcp_ephemeral_high issue with AIX 5.2

Hello, I have AIX5.2. I am trying to set tcp_ephemeral_high port value to 5000 and tcp_ephemeral_low value to 1024. tcp_ephemeral_high is not possible to set below 32769. pls advise how to set tcp_ephemeral_high value to 5000. (7 Replies)
Discussion started by: balareddy
7 Replies

5. AIX

Issue "Error 404" when upgrade AIX 5300-05-CSP-0000 to AIX (5300-09-02-0849)

Please read my issue! My old server using: - AIX system operating (5300-05-CSP-0000) - WebSphere 6.1.0.21 (Fix Pack 21) After I've upgraded version AIX - AIX system operating (5300-09-02-0849) - WebSphere 6.1.0.21 (Fix Pack 21) I have 1 issue when I access home page: "Error... (0 Replies)
Discussion started by: gamonhon
0 Replies

6. UNIX for Dummies Questions & Answers

Issue with shell script: not detecting file properly

The following script is meant to check the presence of a file - called filename0.94.tar.gz - and uncompress it: #!/bin/sh # check presence of file VERSION=0.94 if ; then # file not present: abort echo "Files cannot be found." #exit 1 (commented out this line, so we can see how the... (2 Replies)
Discussion started by: figaro
2 Replies

7. AIX

When AIX audit start, How to set the /audit/stream.out file size ?

Dear All When I start the AIX(6100-06)audit subsystem. the log will save in /audit/stream.out (or /audit/trail), but in default when /audit/stream.out to grow up to 150MB. It will replace the original /audit/stream.out (or /audit/trail). Then the /audit/stream.out become empty and... (2 Replies)
Discussion started by: nnnnnnine
2 Replies

8. Shell Programming and Scripting

Sed script not working properly on Solaris (works fine on AIX)?

Hi, I have a problem with a SED script that works fine on AIX but does not work properly on a Solaris system. The ksh script executes the SED and puts the output in HTML in tables. But the layout of the output in HTML is not shown correctly(no tables, no color). Can anyone tell if there is... (7 Replies)
Discussion started by: Faith111
7 Replies

9. AIX

AIX FTP issue

Hi, I ftpd "binary" mode into a AIX server and transferred .tar.tar files. When i untar using "tar -xvf <filename>.tar.gz" It shows "tar: 0511-169 A directory checksum error on media; 0 not equal to 70568." Please Help!! (3 Replies)
Discussion started by: Priya Amaresh
3 Replies

10. Solaris

how to configure a audit in global zone that will audit all the zone

Hi everyone, how i can configure a single audit service in the global zone for all zones, on solaris BSM. I will be glad to hear back from you. Thanks and Regards (3 Replies)
Discussion started by: ladondo
3 Replies

LEARN ABOUT HPUX

auditd

auditd(1m)																auditd(1m)

NAME

       auditd - Starts the DCE Audit Daemon.

SYNOPSIS

       auditd [-t trail_file] [-a] [-s size] [-wrap] [-w svc_route] [-d debug_level]

OPTIONS

       Specifies  the  pathname  of  the  audit  trail	file  used  by	the  Audit  daemon.   The  default  path of the audit trail file is dcelo-
       cal/var/aud/adm/central_trail.  If an audit trail file name (instead of an absolute pathname) is specified, the file will be created in the
       dcelocal/var/aud/adm/  directory.   Audits  the Audit daemon's control interface access.  Sets a warning threshold on the size of the audit
       trail file.  The Audit daemon displays a warning message each time an audit record is appended to the audit trail after the  threshold  has
       been  reached.	Wraps  the recording of audit events to the beginning of the audit trail file when its size limit is reached.  The default
       action when the size limit has been reached is to stop auditing.  Specifies where each level of serviceability messages	are  routed.   The
       svc_route argument is divided into three fields, separated by colons - the level, a routing identifier, and a routing parameter:

       severity:how:where

       See  svcroute(5) for possible values for these fields.  Specifies debugging level of sub-components. The debug_level argument contains four
       fields separated by a colon:

       component:flags:how:where

       See svcroute(5) for possible values of these fields.

DESCRIPTION

       The auditd command starts the Audit daemon.  The Audit daemon must be run on the host before the audit clients.

       The Audit daemon can only service audit clients that are on the host where it is running.  Thus, an Audit daemon must be installed and  run
       on every host in the cell that has audit clients (audit clients include DCE servers and user-written application servers).

       The Audit daemon has two functions.  It maintains the filter files which are shared by all audit clients running on the host.  It also pro-
       vides an audit record logging service to these clients.

       The Audit daemon runs under the local host's machine principal identity (host/hostname/self).

       A DCE Host daemon (dced) must be running on the local host when auditd is started.  Typically, dced and auditd are started  at  boot  time.
       The  auditd  process places itself in the background and sends messages indicating it is ready to service requests for updating or querying
       filters and logging audit records.

   Privileges Required
       You must be logged into a privileged account (cell_admin or a member of the audit-admin group) to be able to run auditd.

EXAMPLES

       The following example starts the Audit daemon using the default audit trail file (dcelocal/var/aud/adm/central_trail): $ auditd

       The following example starts the Audit daemon and specifies my_trail_file as the audit trail file.  $auditd -t my_trail_file

       The following example starts the Audit daemon and specifies where each level of serviceability messages is going to be routed.  $ auditd -w
       FATAL:FILE:/dev/console -w NOTICE:FILE:/opt/dcelocal/var/audit/adm/svc_log

       The following example starts the Audit daemon and  specifies the debugging level.  $ auditd -d 1,esl.9

RELATED INFORMATION

       aud(1m), audevents(1m), audfilter(1m), audtrail(1m), dcecp(1m).

																	auditd(1m)
All times are GMT -4. The time now is 01:35 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy