Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Secure & Audit logs
Operating Systems Linux Red Hat Secure & Audit logs Post 302586640 by hedkandi on Tuesday 3rd of January 2012 12:23:07 AM
Old 01-03-2012
Secure & Audit logs
Hi all

I am trying to add secure and audit logs to logrotate for a client whom wants the logs for a period of 6 months, compressed/zipped weekly for auditing.

I am terrible with logrotate and since there isn't default settings for both logs, I created two new entries in my /etc/logrotate.d/ and soon I'll remove the secure logs from default syslog logrotate definition

Code:
# used by all secure logs 
/var/log/secure 
{     
weekly     
rotate 24     
compress 
    notifempty     
sharedscripts 
    postrotate
 -------------------------->how do i reload secure logs?     
endscript 
}

 #used by all audit.log 
/var/log/audit/audit.log 
{     
weekly     
rotate 24     
compress     
notifempty 
    sharedscripts     
postrotate 
        -------------------------->how do i reload audit logs?     
endscript 
}

Could someone please check and ensure if this setting is correct? Also, how do I restart both logs after it has been compressed and store on the server? My syslog reads like this:

Code:
[root@H99AXXX logrotate.d]# more syslog
/var/log/messages /var/log/secure /var/log/maillog /var/log/spooler /var/log/boot.log /var/log/cron {
   monthly
   rotate 6
   compress 
   sharedscripts
    postrotate
        /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
        /bin/kill -HUP `cat /var/run/rsyslogd.pid 2> /dev/null` 2> /dev/null || true
    endscript
}

[root@H99AXXX logrotate.d]# uname -a
Linux H99AXXX 2.6.18-274.7.1.el5 #1 SMP Mon Oct 17 11:57:14 EDT 2011 x86_64 x86_64 x86_64 GNU/Linux
[root@H99AXXX logrotate.d]#

Last edited by hedkandi; 01-03-2012 at 01:23 AM.. Reason: add OS details
 

10 More Discussions You Might Find Interesting

1. Cybersecurity

Security & audit

I am new to the world of Unix. As part of my understanding to have a big picture of Unix, I need to understand: 1. How to review the existing unix system or audit for the settings? 2. How do I go about fixing the holes? (4 Replies)
Discussion started by: amundra
4 Replies

2. UNIX and Linux Applications

Secure FTP Client that Logs well

Folks I am on a quest.... I am looking for a lightweight FTP client capable of FTPS and or SFTP that has good audit and logging capabilities without requiring a central server component. My platforms are Linux, Solaris, AIX, and Windows Server. The kicker is I have found things that meet the... (3 Replies)
Discussion started by: ArtF
3 Replies

3. Solaris

how to find whether audit log is secure?

How do i find if audit logs is secured inside Solaris 10? · Verify that that audit log files are secured and owned appropriately. this is the question (1 Reply)
Discussion started by: werbotim
1 Replies

4. AIX

When AIX audit start, How to set the /audit/stream.out file size ?

Dear All When I start the AIX(6100-06)audit subsystem. the log will save in /audit/stream.out (or /audit/trail), but in default when /audit/stream.out to grow up to 150MB. It will replace the original /audit/stream.out (or /audit/trail). Then the /audit/stream.out become empty and... (2 Replies)
Discussion started by: nnnnnnine
2 Replies

5. Solaris

How to view audit logs in Solaris?

Does anyone know if there is software written to view the audit logs generated by Solaris? I am referring the the logs created by auditd. It produces an unreadable log. I am familiar with auditreduce and praudit, but I am looking for something that produces a report, much like logwatch looks at the... (4 Replies)
Discussion started by: brownwrap
4 Replies

6. Solaris

Configuring 'auditd' service to not store the audit logs in /var partition

Hello all, I've configured 'audit' service to send the audit logs to a remote log server (by using syslog plugin), which is working fine. However, there is a problem. audit service also tries to write same information (but in binary format) in /var/audit path. So, Is there anyway to stop... (2 Replies)
Discussion started by: Anti_Evil
2 Replies

7. Red Hat

Comprehensive Disk & Server Logs.

Hello All, I'm using a RHEL6.4 on IBM X3850 X5 server. I want to get a comprehensive report containing disk-wise health status as well as overall server status. I see there's utility "ibm_utl_dsa_dsytd3h-9.51_portable_rhel6_x86-64.bin" which is also used to do diagnostics tasks. I'm not sure of... (1 Reply)
Discussion started by: vaibhavvsk
1 Replies

8. Solaris

How can i enable audit logs for global zone and standard zones?

HI Community, how can i configure audit logs for global zones and standard zone. i have enabled and started auditd service and it went to maintenance mode. please help me to configure that Thanks & Regards, BEn (9 Replies)
Discussion started by: bentech4u
9 Replies

9. UNIX for Beginners Questions & Answers

Grep a pattern & Email from latest logs

MyLOG: 2017/11/12 17:01:54.600 : Error: LPID: 3104680848 WRONG CRITERIA FOUND. tRealBuilder::Generate Output Required: If Ke word "WRONG CRITERIA FOUND" in latest log ( logs are regularly generating - real time) mail to us once mailed wait for 2 hours for second mail. mail subject... (3 Replies)
Discussion started by: vivekn
3 Replies

10. Solaris

Settings audit logs for different tasks. Help me!!!

Hi guys. I have to set audit logs on certain events on a solaris 10 server. While I had no problems on linux, I'm going crazy to do the same thing on solaris 10, since I don't have enough expertise on this OS . I should be able to identify these 4 different events: 1: Tracking all... (2 Replies)
Discussion started by: menofmayhem
2 Replies

LEARN ABOUT CENTOS

aulast

AULAST:(8)						  System Administration Utilities						AULAST:(8)

NAME

       aulast - a program similar to last

SYNOPSIS

       aulast [ options ] [ user ] [ tty ]

DESCRIPTION

       aulast  is  a  program  that prints out a listing of the last logged in users similarly to the program last and lastb. Aulast searches back
       through the audit logs or the given audit log file and displays a list of all users logged in (and out) based on the range of time  in  the
       audit  logs. Names of users and tty's can be given, in which case aulast will show only those entries matching the arguments. Names of ttys
       can be abbreviated, thus aulast 0 is the same as last tty0.

       The pseudo user reboot logs in each time the system is rebooted. Thus last reboot will show a log of all reboots since  the  log  file  was
       created.

       The  main  difference  that  a user will notice is that aulast print events from oldest to newest, while last prints records from newest to
       oldest. Also, the audit system is not notified each time a tty or pty is allocated, so you may not see quite  as  many  records	indicating
       users and their tty's.

OPTIONS

       --bad  Report on the bad logins.

       --extract
	      Write raw audit records used to create the displayed report into a file aulast.log in the current working directory.

       -ffile Use the file instead of the audit logs for input.

       --proof
	      Print  out the audit event serial numbers used to determine the preceding line of the report. A Serial number of 0 is a place holder
	      and not an actual event serial number. The serial numbers can be used to examine the actual audit records in more  detail.  Also	an
	      ausearch query is printed that will let you find the audit records associated with that session.

       --stdin
	      Take audit records from stdin.

EXAMPLES

       To see this month's logins
       ausearch --start this-month --raw | aulast --stdin

SEE ALSO

       last(1), lastb(1), ausearch(8), aureport(8).

AUTHOR

       Steve Grubb

Red Hat 							     Nov 2008								AULAST:(8)
All times are GMT -4. The time now is 05:18 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy