|
|
Sponsored Content
Operating Systems
Solaris
ALOM Email Alerts
Post 302511919 by La-Paloma78 on Friday 8th of April 2011 01:23:58 AM
04-08-2011
|
|
10 More Discussions You Might Find Interesting
1. IP Networking
Dear Network Masters,
I want to know who brought up the concept of Email Alerts Feature.
are their any RFC's on Email Alerts????
Please let me know.
Thanks in Adv,
meti (1 Reply)
Discussion started by: ashokmeti
1 Replies
2. Solaris
I want to be able to use an account on a solaris 10 server, eg root@myhost
to act as a relay to forward mail to my domain account me@mycompany.com
The reason for this is to configure root@myhost as a mail relay on Brocade SAN switches - so that when a port goes bad i get an email alert.... (0 Replies)
Discussion started by: wibidee
0 Replies
3. AIX
Hi Guys,
I hope this is an easy question: I need some kind of script or an idea how I can convince syslog to send an email to root or someone else once cpu usage exceeds 95% or the memory consumption (maybe via AVM value times 4k) exceeds 85% of my real memory on any of my 700 lpars. We're... (4 Replies)
Discussion started by: zxmaus
4 Replies
4. UNIX for Dummies Questions & Answers
hi
I am running so scripts that clean up empty folders on our servers once a week.
I run from a cron. But what i would like to do is add a email notfication so i can be notified that it completed.
The script is
#Clean Empty Folders on Studio Share
perl... (1 Reply)
Discussion started by: treds
1 Replies
5. Shell Programming and Scripting
Hi,
I have written below disk space monitoring script to monitor disk space every minute. I have scheduled this script through cron. But now my problem is this script alerts the users continuously until the space is freed up. These emails are filling up the inbox exponentially until the space... (3 Replies)
Discussion started by: svajhala
3 Replies
6. Solaris
Hi Everyone.
What is the differece b/n ALOM and ALOM CMT Service processor.
I am trying reset ALOM login/passwd using scadm utility on T2000, while I am googling I came cross ALOM CMT doesnt support scadm utility, but ALOM supports.
Not sure how different are these.
Thanks, (0 Replies)
Discussion started by: bobby320
0 Replies
7. Shell Programming and Scripting
Hi all,
Thanks in Advance!!
I dont know how to start to write script for this process, my requirement is if any user logs into server automatically Admin get mail alert. how is this possible? any one guide me to complete this process. (1 Reply)
Discussion started by: anishkumarv
1 Replies
8. AIX
Hello,
I've set up email alerts on AIX Servers. so that i can get email notifications (via mail relay server) when ever there is abnormal behavior.
for example
1) my script monitors CPU/disk/memory etc... when it reaches high water ark, it will send an email alert.
2) disk usage alerts
3)... (5 Replies)
Discussion started by: System Admin 77
5 Replies
9. AIX
Hello,
I am trying to write a shell script, which will send email alerts to Admin/users when users password is going to expire in 15 days.
Can you please help me with the script.
thank you. (3 Replies)
Discussion started by: Kumar7997
3 Replies
10. UNIX for Dummies Questions & Answers
Good Day
Kindly assist:
I am creating an Alert that will notify supervisors of staff members who are due for probation report. I am using Operating System Script(Unix) as source.I have already developed the script.
Now the challenge is if there are 3 employee records then the alert... (2 Replies)
Discussion started by: nosi27
2 Replies
LEARN ABOUT DEBIAN
audisp-prelude
AUDISP-PRELUDE:(8) System Administration Utilities AUDISP-PRELUDE:(8) NAME
audisp-prelude - plugin for IDMEF alerts SYNOPSIS
audisp-prelude [ --test ] DESCRIPTION
audisp-prelude is a plugin for the audit event dispatcher daemon, audispd, that uses libprelude to send IDMEF alerts for possible Intrusion Detection events. This plugin requires connecting to a prelude-manager to record the events it sends. This plugin will analyze audit events in realtime and send detected events to the prelude-manager for correlation, recording, and display. Events that are currently supported are: Logins, Forbidden Login Location, Max Concurrent Sessions, Max Login Failures, Forbidden Login Time, SE Linux AVCs, SE Linux Enforcement Changes, Abnormal Program Termination, Promiscuous Socket Changes, and watched account logins. OPTIONS
--test Take input from stdin and write prelude events to stdout but does not send them to the prelude-manager. This can be used for debug- ging or testing the system with suspicious log files when you do not want it to alert or react. INSTALLATION
This sensor has to be registered with the prelude-manager before it will work properly. If the prelude-manager is on the same host as the sensor, you will need to open two windows to register. If not, you will have to adjust this example to fit your environment. In one window, type: prelude-admin register auditd idmef:w localhost --uid 0 --gid 0 In another, type: prelude-admin registration-server prelude-manager Follow the on-screen instructions to complete the registration. TIPS
If you are aggregating multiple machines, you should enable node information in the audit event stream. You can do this in one of two places. If you want computer node names written to disk as well as sent in the realtime event stream, edit the name_format option in /etc/audit/auditd.conf. If you only want the node names in the realtime event stream, then edit the name_format option in /etc/audisp/aud- ispd.conf. Do not enable both as it will put 2 node fields in the event stream. At this point, if you want have audit: forbidden login location, max concurrent sessions, max login failures, and forbidden login time anomalies being reported, you have to setup pam modules correctly. The pam modules are respectively: pam_access, pam_limits, pam_tally2, and pam_time. Please see the respective pam module man pages for any instructions. For performance reasons, some audit events will not produce syscall records which contain additional information about events unless there is at least one audit rule loaded. If you do not have any additional audit rules, edit /etc/audit/audit.rules and add something simple that won't impact performace like this: -w /etc/shadow -p wa. This rule will watch the shadow file for writes or changes to its attributes. The additional audit information provided by having at least one rule will allow the plugin to give a more complete view of the alert it is sending. If you are wanting to get alerts on watched syscalls, watched files, watched execution, or something becoming executable, you need to add some keys to your audit rules. For example, if you have the following audit watch in /etc/audit/audit.rules: -w /etc/shadow -p wa and you want idmef alerts on this, you need to add -k ids-file-med or something appropriate to signal to the plugin that this message is for it. The format of the key has a fixed format of keywords separated by a dash. It follows the form of ids-type-severity. The type can be either sys, file, exec, or mkexe depending on whether you want the event to be considered a watched_syscall, watched_file, watched_exec, or watched_mk_exe respectively. The severity can be either info, low, med, or hi depending on how urgent you would like it to be. EXAMPLE RULES
To alert on any use of the personality syscall: -a exit,always -S personality -k ids-sys-med To alert on a user failing to access the shadow file: -a always,exit -F path=/etc/shadow -F perms=wa -F success=0 -k ids-file-med To alert on the execution of a program: -w /bin/ping -p x -k ids-exe-info To alert on users making exe's in their home dir (takes 2 rules): -a exit,always -S fchmodat -F dir=/home -F a2&0111 -F filetype=file -k ids-mkexe-hi -a exit,always -S fchmod,chmod -F dir=/home -F a1&0111 -F filetype=file -k ids-mkexe-hi FILES
/etc/audisp/plugins.d/au-prelude.conf, /etc/audit/auditd.conf, /etc/audisp/audispd.conf, /etc/audisp/audisp-prelude.conf SEE ALSO
audispd(8), prelude-manager(1), auditd.conf(8), audispd.conf(8), audisp-prelude.conf(5). AUTHOR
Steve Grubb Red Hat Dec 2008 AUDISP-PRELUDE:(8)