Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Secure & Audit logs
Operating Systems Linux Red Hat Secure & Audit logs Post 302586640 by hedkandi on Tuesday 3rd of January 2012 12:23:07 AM
Old 01-03-2012
Secure & Audit logs
Hi all

I am trying to add secure and audit logs to logrotate for a client whom wants the logs for a period of 6 months, compressed/zipped weekly for auditing.

I am terrible with logrotate and since there isn't default settings for both logs, I created two new entries in my /etc/logrotate.d/ and soon I'll remove the secure logs from default syslog logrotate definition

Code:
# used by all secure logs 
/var/log/secure 
{     
weekly     
rotate 24     
compress 
    notifempty     
sharedscripts 
    postrotate
 -------------------------->how do i reload secure logs?     
endscript 
}

 #used by all audit.log 
/var/log/audit/audit.log 
{     
weekly     
rotate 24     
compress     
notifempty 
    sharedscripts     
postrotate 
        -------------------------->how do i reload audit logs?     
endscript 
}

Could someone please check and ensure if this setting is correct? Also, how do I restart both logs after it has been compressed and store on the server? My syslog reads like this:

Code:
[root@H99AXXX logrotate.d]# more syslog
/var/log/messages /var/log/secure /var/log/maillog /var/log/spooler /var/log/boot.log /var/log/cron {
   monthly
   rotate 6
   compress 
   sharedscripts
    postrotate
        /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
        /bin/kill -HUP `cat /var/run/rsyslogd.pid 2> /dev/null` 2> /dev/null || true
    endscript
}

[root@H99AXXX logrotate.d]# uname -a
Linux H99AXXX 2.6.18-274.7.1.el5 #1 SMP Mon Oct 17 11:57:14 EDT 2011 x86_64 x86_64 x86_64 GNU/Linux
[root@H99AXXX logrotate.d]#

Last edited by hedkandi; 01-03-2012 at 01:23 AM.. Reason: add OS details
 

10 More Discussions You Might Find Interesting

1. Cybersecurity

Security & audit

I am new to the world of Unix. As part of my understanding to have a big picture of Unix, I need to understand: 1. How to review the existing unix system or audit for the settings? 2. How do I go about fixing the holes? (4 Replies)
Discussion started by: amundra
4 Replies

2. UNIX and Linux Applications

Secure FTP Client that Logs well

Folks I am on a quest.... I am looking for a lightweight FTP client capable of FTPS and or SFTP that has good audit and logging capabilities without requiring a central server component. My platforms are Linux, Solaris, AIX, and Windows Server. The kicker is I have found things that meet the... (3 Replies)
Discussion started by: ArtF
3 Replies

3. Solaris

how to find whether audit log is secure?

How do i find if audit logs is secured inside Solaris 10? · Verify that that audit log files are secured and owned appropriately. this is the question (1 Reply)
Discussion started by: werbotim
1 Replies

4. AIX

When AIX audit start, How to set the /audit/stream.out file size ?

Dear All When I start the AIX(6100-06)audit subsystem. the log will save in /audit/stream.out (or /audit/trail), but in default when /audit/stream.out to grow up to 150MB. It will replace the original /audit/stream.out (or /audit/trail). Then the /audit/stream.out become empty and... (2 Replies)
Discussion started by: nnnnnnine
2 Replies

5. Solaris

How to view audit logs in Solaris?

Does anyone know if there is software written to view the audit logs generated by Solaris? I am referring the the logs created by auditd. It produces an unreadable log. I am familiar with auditreduce and praudit, but I am looking for something that produces a report, much like logwatch looks at the... (4 Replies)
Discussion started by: brownwrap
4 Replies

6. Solaris

Configuring 'auditd' service to not store the audit logs in /var partition

Hello all, I've configured 'audit' service to send the audit logs to a remote log server (by using syslog plugin), which is working fine. However, there is a problem. audit service also tries to write same information (but in binary format) in /var/audit path. So, Is there anyway to stop... (2 Replies)
Discussion started by: Anti_Evil
2 Replies

7. Red Hat

Comprehensive Disk & Server Logs.

Hello All, I'm using a RHEL6.4 on IBM X3850 X5 server. I want to get a comprehensive report containing disk-wise health status as well as overall server status. I see there's utility "ibm_utl_dsa_dsytd3h-9.51_portable_rhel6_x86-64.bin" which is also used to do diagnostics tasks. I'm not sure of... (1 Reply)
Discussion started by: vaibhavvsk
1 Replies

8. Solaris

How can i enable audit logs for global zone and standard zones?

HI Community, how can i configure audit logs for global zones and standard zone. i have enabled and started auditd service and it went to maintenance mode. please help me to configure that Thanks & Regards, BEn (9 Replies)
Discussion started by: bentech4u
9 Replies

9. UNIX for Beginners Questions & Answers

Grep a pattern & Email from latest logs

MyLOG: 2017/11/12 17:01:54.600 : Error: LPID: 3104680848 WRONG CRITERIA FOUND. tRealBuilder::Generate Output Required: If Ke word "WRONG CRITERIA FOUND" in latest log ( logs are regularly generating - real time) mail to us once mailed wait for 2 hours for second mail. mail subject... (3 Replies)
Discussion started by: vivekn
3 Replies

10. Solaris

Settings audit logs for different tasks. Help me!!!

Hi guys. I have to set audit logs on certain events on a solaris 10 server. While I had no problems on linux, I'm going crazy to do the same thing on solaris 10, since I don't have enough expertise on this OS . I should be able to identify these 4 different events: 1: Tracking all... (2 Replies)
Discussion started by: menofmayhem
2 Replies

LEARN ABOUT DEBIAN

autrace

AUTRACE:(8)						  System Administration Utilities					       AUTRACE:(8)

NAME

       autrace - a program similar to strace

SYNOPSIS

       autrace program [-r] [program-args]...

DESCRIPTION

       autrace is a program that will add the audit rules to trace a process similar to strace. It will then execute the program passing arguments
       to it. The resulting audit information will be in the audit logs if the audit daemon is running or syslog. This command deletes	all  audit
       rules  prior  to  executing the target program and after executing it. As a safety precaution, it will not run unless all rules are deleted
       with auditctl prior to use.

OPTIONS

       -r     Limit syscalls collected to ones needed for analyzing resource usage. This could help people doing threat modeling. This saves space
	      in logs.

EXAMPLES

       The following illustrates a typical session:

       autrace /bin/ls /tmp
       ausearch --start recent -p 2442 -i

       and for resource usage mode:

       autrace -r /bin/ls
       ausearch --start recent -p 2450 --raw | aureport --file --summary
       ausearch --start recent -p 2450 --raw | aureport --host --summary

SEE ALSO

       ausearch(8), auditctl(8).

AUTHOR

       Steve Grubb

Red Hat 							     Jan 2007							       AUTRACE:(8)
All times are GMT -4. The time now is 03:09 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy