Full Discussion: Secure & Audit logs
Operating Systems Linux Red Hat Secure & Audit logs Post 302586982 by hedkandi on Tuesday 3rd of January 2012 08:59:27 PM
Hi verdepollo

I meant to restart audit logs and secure logs at the end of the week, so it appends to a different file and the old logs are zipped.

---------- Post updated at 05:59 PM ---------- Previous update was at 05:53 PM ----------

I just realised that it's easier to just add audit logs into the existing syslog logrotate definition (is that alright, or will I be facing problems later?)

Code:
[root@H99AXXX logrotate.d]# more syslog
/var/log/messages /var/log/secure /var/log/audit/audit.log  /var/log/maillog /var/log/spooler /var/log/boot.log /var/log/cron {
   weekly
   rotate 24
   compress 
   sharedscripts
    postrotate
        /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
        /bin/kill -HUP `cat /var/run/rsyslogd.pid 2> /dev/null` 2> /dev/null || true
    endscript
}

But then there's the question of space used up in /var. I've got SAP running on this VM and there's about 6 users on the system.

Last edited by hedkandi; 01-03-2012 at 09:54 PM.. Reason: typo
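
Added example (not part of the original post): the stanza above sends HUP only to syslogd and rsyslogd, so nothing in it tells auditd to reopen /var/log/audit/audit.log after the rename. This shell check lists such paths in a logrotate file; the function names and the path-to-daemon mapping are assumptions of the example, and it handles only single-line stanza headers like the one posted.

```shell
#!/bin/sh
# Added example, not from the original post. Lists log paths in a logrotate
# file whose stanza has no postrotate command naming the daemon that writes them.
# Assumption: /var/log/audit/* is written by auditd, all other paths by
# syslogd or rsyslogd (both names contain "syslogd").

unsignalled_logs() {
    awk '
    function owner(p) {
        return (index(p, "/var/log/audit/") == 1) ? "auditd" : "syslogd"
    }
    /^[ \t]*#/ { next }                           # skip comment lines
    !in_stanza && /[{][ \t]*$/ {                  # header: "path path ... {"
        sub(/[{][ \t]*$/, "")
        n = NF
        for (i = 1; i <= n; i++) paths[i] = $i
        in_stanza = 1; in_post = 0; cmds = ""
        next
    }
    in_stanza && $1 == "postrotate" { in_post = 1; next }
    in_stanza && $1 == "endscript"  { in_post = 0; next }
    in_post { cmds = cmds "\n" $0; next }         # collect postrotate commands
    in_stanza && $1 == "}" {                      # end of stanza: report gaps
        for (i = 1; i <= n; i++)
            if (index(cmds, owner(paths[i])) == 0) print paths[i]
        in_stanza = 0
    }
    ' "$1"
}

# The stanza from the post, reproduced as sample input.
sample_config() {
    cat <<'EOF'
/var/log/messages /var/log/secure /var/log/audit/audit.log  /var/log/maillog /var/log/spooler /var/log/boot.log /var/log/cron {
   weekly
   rotate 24
   compress
   sharedscripts
    postrotate
        /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
        /bin/kill -HUP `cat /var/run/rsyslogd.pid 2> /dev/null` 2> /dev/null || true
    endscript
}
EOF
}

tmp=$(mktemp) && sample_config > "$tmp"
unsignalled_logs "$tmp"    # prints /var/log/audit/audit.log
rm -f "$tmp"
```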
 
