I am trying to add secure and audit logs to logrotate for a client whom wants the logs for a period of 6 months, compressed/zipped weekly for auditing.
I am terrible with logrotate and since there isn't default settings for both logs, I created two new entries in my /etc/logrotate.d/ and soon I'll remove the secure logs from default syslog logrotate definition
Could someone please check and ensure if this setting is correct? Also, how do I restart both logs after it has been compressed and store on the server? My syslog reads like this:
Last edited by hedkandi; 01-03-2012 at 01:23 AM..
Reason: add OS details
I am new to the world of Unix. As part of my understanding to have a big picture of Unix, I need to understand:
1. How to review the existing unix system or audit for the settings?
2. How do I go about fixing the holes? (4 Replies)
Folks
I am on a quest....
I am looking for a lightweight FTP client capable of FTPS and or SFTP that has good audit and logging capabilities without requiring a central server component. My platforms are Linux, Solaris, AIX, and Windows Server.
The kicker is I have found things that meet the... (3 Replies)
How do i find if audit logs is secured inside Solaris 10?
· Verify that that audit log files are secured and owned appropriately.
this is the question (1 Reply)
Dear All
When I start the AIX(6100-06)audit subsystem.
the log will save in /audit/stream.out (or /audit/trail), but in default when /audit/stream.out to grow up to 150MB.
It will replace the original /audit/stream.out (or /audit/trail).
Then the /audit/stream.out become empty and... (2 Replies)
Does anyone know if there is software written to view the audit logs generated by Solaris? I am referring the the logs created by auditd. It produces an unreadable log. I am familiar with auditreduce and praudit, but I am looking for something that produces a report, much like logwatch looks at the... (4 Replies)
Hello all,
I've configured 'audit' service to send the audit logs to a remote log server (by using syslog plugin), which is working fine.
However, there is a problem. audit service also tries to write same information (but in binary format) in /var/audit path.
So, Is there anyway to stop... (2 Replies)
Hello All,
I'm using a RHEL6.4 on IBM X3850 X5 server. I want to get a comprehensive report containing disk-wise health status as well as overall server status.
I see there's utility "ibm_utl_dsa_dsytd3h-9.51_portable_rhel6_x86-64.bin" which is also used to do diagnostics tasks. I'm not sure of... (1 Reply)
HI Community,
how can i configure audit logs for global zones and standard zone. i have enabled and started auditd service and it went to maintenance mode. please help me to configure that
Thanks & Regards,
BEn (9 Replies)
MyLOG:
2017/11/12 17:01:54.600 : Error: LPID: 3104680848 WRONG CRITERIA FOUND. tRealBuilder::Generate
Output Required:
If Ke word "WRONG CRITERIA FOUND" in latest log ( logs are regularly generating - real time) mail to us
once mailed wait for 2 hours for second mail.
mail subject... (3 Replies)
Hi guys.
I have to set audit logs on certain events on a solaris 10 server.
While I had no problems on linux, I'm going crazy to do the same thing on solaris 10, since I don't have enough expertise on this OS .
I should be able to identify these 4 different events:
1: Tracking all... (2 Replies)
Discussion started by: menofmayhem
2 Replies
LEARN ABOUT DEBIAN
autrace
AUTRACE:(8) System Administration Utilities AUTRACE:(8)NAME
autrace - a program similar to strace
SYNOPSIS
autrace program [-r] [program-args]...
DESCRIPTION
autrace is a program that will add the audit rules to trace a process similar to strace. It will then execute the program passing arguments
to it. The resulting audit information will be in the audit logs if the audit daemon is running or syslog. This command deletes all audit
rules prior to executing the target program and after executing it. As a safety precaution, it will not run unless all rules are deleted
with auditctl prior to use.
OPTIONS -r Limit syscalls collected to ones needed for analyzing resource usage. This could help people doing threat modeling. This saves space
in logs.
EXAMPLES
The following illustrates a typical session:
autrace /bin/ls /tmp
ausearch --start recent -p 2442 -i
and for resource usage mode:
autrace -r /bin/ls
ausearch --start recent -p 2450 --raw | aureport --file --summary
ausearch --start recent -p 2450 --raw | aureport --host --summary
SEE ALSO ausearch(8), auditctl(8).
AUTHOR
Steve Grubb
Red Hat Jan 2007 AUTRACE:(8)