Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Secure & Audit logs
Operating Systems Linux Red Hat Secure & Audit logs Post 302586982 by hedkandi on Tuesday 3rd of January 2012 08:59:27 PM
Old 01-03-2012
Hi verdepollo

I meant to restart audit logs and secure logs at the end of the week, so it appends to a different file and the old logs are zipped

---------- Post updated at 05:59 PM ---------- Previous update was at 05:53 PM ----------

I just realised that it's easier to just add audit logs into the existing syslog logrotate definition (is that alright, or I will be facing problems later?)

Code:
[root@H99AXXX logrotate.d]# more syslog
/var/log/messages /var/log/secure /var/log/audit/audit.log  /var/log/maillog /var/log/spooler /var/log/boot.log /var/log/cron {
   weekly
   rotate 24
   compress 
   sharedscripts
    postrotate
        /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
        /bin/kill -HUP `cat /var/run/rsyslogd.pid 2> /dev/null` 2> /dev/null || true
    endscript
}

But then there's the question of space used up in /var. I've got SAP running on this VM and there's about 6 users on the system.
Last edited by hedkandi; 01-03-2012 at 09:54 PM.. Reason: typo
 

10 More Discussions You Might Find Interesting

1. Cybersecurity

Security & audit

I am new to the world of Unix. As part of my understanding to have a big picture of Unix, I need to understand: 1. How to review the existing unix system or audit for the settings? 2. How do I go about fixing the holes? (4 Replies)
Discussion started by: amundra
4 Replies

2. UNIX and Linux Applications

Secure FTP Client that Logs well

Folks I am on a quest.... I am looking for a lightweight FTP client capable of FTPS and or SFTP that has good audit and logging capabilities without requiring a central server component. My platforms are Linux, Solaris, AIX, and Windows Server. The kicker is I have found things that meet the... (3 Replies)
Discussion started by: ArtF
3 Replies

3. Solaris

how to find whether audit log is secure?

How do i find if audit logs is secured inside Solaris 10? · Verify that that audit log files are secured and owned appropriately. this is the question (1 Reply)
Discussion started by: werbotim
1 Replies

4. AIX

When AIX audit start, How to set the /audit/stream.out file size ?

Dear All When I start the AIX(6100-06)audit subsystem. the log will save in /audit/stream.out (or /audit/trail), but in default when /audit/stream.out to grow up to 150MB. It will replace the original /audit/stream.out (or /audit/trail). Then the /audit/stream.out become empty and... (2 Replies)
Discussion started by: nnnnnnine
2 Replies

5. Solaris

How to view audit logs in Solaris?

Does anyone know if there is software written to view the audit logs generated by Solaris? I am referring the the logs created by auditd. It produces an unreadable log. I am familiar with auditreduce and praudit, but I am looking for something that produces a report, much like logwatch looks at the... (4 Replies)
Discussion started by: brownwrap
4 Replies

6. Solaris

Configuring 'auditd' service to not store the audit logs in /var partition

Hello all, I've configured 'audit' service to send the audit logs to a remote log server (by using syslog plugin), which is working fine. However, there is a problem. audit service also tries to write same information (but in binary format) in /var/audit path. So, Is there anyway to stop... (2 Replies)
Discussion started by: Anti_Evil
2 Replies

7. Red Hat

Comprehensive Disk & Server Logs.

Hello All, I'm using a RHEL6.4 on IBM X3850 X5 server. I want to get a comprehensive report containing disk-wise health status as well as overall server status. I see there's utility "ibm_utl_dsa_dsytd3h-9.51_portable_rhel6_x86-64.bin" which is also used to do diagnostics tasks. I'm not sure of... (1 Reply)
Discussion started by: vaibhavvsk
1 Replies

8. Solaris

How can i enable audit logs for global zone and standard zones?

HI Community, how can i configure audit logs for global zones and standard zone. i have enabled and started auditd service and it went to maintenance mode. please help me to configure that Thanks & Regards, BEn (9 Replies)
Discussion started by: bentech4u
9 Replies

9. UNIX for Beginners Questions & Answers

Grep a pattern & Email from latest logs

MyLOG: 2017/11/12 17:01:54.600 : Error: LPID: 3104680848 WRONG CRITERIA FOUND. tRealBuilder::Generate Output Required: If Ke word "WRONG CRITERIA FOUND" in latest log ( logs are regularly generating - real time) mail to us once mailed wait for 2 hours for second mail. mail subject... (3 Replies)
Discussion started by: vivekn
3 Replies

10. Solaris

Settings audit logs for different tasks. Help me!!!

Hi guys. I have to set audit logs on certain events on a solaris 10 server. While I had no problems on linux, I'm going crazy to do the same thing on solaris 10, since I don't have enough expertise on this OS . I should be able to identify these 4 different events: 1: Tracking all... (2 Replies)
Discussion started by: menofmayhem
2 Replies

LEARN ABOUT DEBIAN

doveadm-log

DOVEADM-LOG(1)							      Dovecot							    DOVEADM-LOG(1)

NAME

       doveadm-log - Locate, test or reopen Dovecot's log files

SYNOPSIS

       doveadm [-Dv] log errors
       doveadm [-Dv] log find [directory]
       doveadm [-Dv] log reopen
       doveadm [-Dv] log test

DESCRIPTION

       The  doveadm  log commands are used to locate and reopen the log files of dovecot(1).  It's also possible to test the configured targets of
       the *log_path settings.

OPTIONS

       Global doveadm(1) options:

       -D     Enables verbosity and debug messages.

       -v     Enables verbosity, including progress counter.

COMMANDS

   log errors
       doveadm log errors

       The log errors command is used to show the last	- up to 1,000 - errors and warnings.  If no output is generated, no errors  have  occurred
       since the last start.

   log find
       doveadm log find [directory]

       The  log  find  command	is used to show the location of the log files, to which dovecot(1) sends its log messages.  If dovecot(1) logs its
       messages through syslogd(8) and doveadm(1) could not find any log files, you can specify the directory where your syslogd  writes  its  log
       files.

   log reopen
       doveadm log reopen

       This command causes doveadm to reopen all log files, configured in the log_path, info_log_path and debug_log_path settings.  These settings
       are configured in /etc/dovecot/conf.d/10-logging.conf.
       This is for example useful after manually rotating the log files.

   log test
       doveadm log test

       This command causes doveadm to write the message "This is Dovecot's priority log (timestamp)" to the configured log files.  The used prior-
       ities are: debug, info, warning, error and fatal.

EXAMPLE

       This example shows how to locate the log files used by dovecot(1).

       doveadm log find
       Looking for log files from /var/log
       Debug: /var/log/dovecot.debug
       Info: /var/log/mail.log
       Warning: /var/log/mail.log
       Error: /var/log/mail.log
       Fatal: /var/log/mail.log

REPORTING BUGS

       Report  bugs,  including doveconf -n output, to the Dovecot Mailing List <dovecot@dovecot.org>.	Information about reporting bugs is avail-
       able at: http://dovecot.org/bugreport.html

SEE ALSO

       doveadm(1)

Dovecot v2.1							    2012-02-22							    DOVEADM-LOG(1)
All times are GMT -4. The time now is 06:18 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy