01-04-2012
I'm still not getting you fully. You want to rotate the logs every 6 months, but also on a weekly basis?
You can indeed use your current syslog and just add more logs to it; Keep in mind however that all other logs will also start to follow the same 6-month rotation rules. Mail spools for instance are prone to eat up large amounts of space when something goes wrong whith the mail daemon. The same is true for "messages" log file if it's keeping a record of debugging information.
Used space in /var depends on the size of the logs as well as the size of the filesystem. Without having a good understanding of your particular system it'd be hard to tell exactly what would be the best approach to follow in order to prevent disk saturation.
Last edited by verdepollo; 01-04-2012 at 03:19 PM..
10 More Discussions You Might Find Interesting
1. Cybersecurity
I am new to the world of Unix. As part of my understanding to have a big picture of Unix, I need to understand:
1. How to review the existing unix system or audit for the settings?
2. How do I go about fixing the holes? (4 Replies)
Discussion started by: amundra
4 Replies
2. UNIX and Linux Applications
Folks
I am on a quest....
I am looking for a lightweight FTP client capable of FTPS and or SFTP that has good audit and logging capabilities without requiring a central server component. My platforms are Linux, Solaris, AIX, and Windows Server.
The kicker is I have found things that meet the... (3 Replies)
Discussion started by: ArtF
3 Replies
3. Solaris
How do i find if audit logs is secured inside Solaris 10?
· Verify that that audit log files are secured and owned appropriately.
this is the question (1 Reply)
Discussion started by: werbotim
1 Replies
4. AIX
Dear All
When I start the AIX(6100-06)audit subsystem.
the log will save in /audit/stream.out (or /audit/trail), but in default when /audit/stream.out to grow up to 150MB.
It will replace the original /audit/stream.out (or /audit/trail).
Then the /audit/stream.out become empty and... (2 Replies)
Discussion started by: nnnnnnine
2 Replies
5. Solaris
Does anyone know if there is software written to view the audit logs generated by Solaris? I am referring the the logs created by auditd. It produces an unreadable log. I am familiar with auditreduce and praudit, but I am looking for something that produces a report, much like logwatch looks at the... (4 Replies)
Discussion started by: brownwrap
4 Replies
6. Solaris
Hello all,
I've configured 'audit' service to send the audit logs to a remote log server (by using syslog plugin), which is working fine.
However, there is a problem. audit service also tries to write same information (but in binary format) in /var/audit path.
So, Is there anyway to stop... (2 Replies)
Discussion started by: Anti_Evil
2 Replies
7. Red Hat
Hello All,
I'm using a RHEL6.4 on IBM X3850 X5 server. I want to get a comprehensive report containing disk-wise health status as well as overall server status.
I see there's utility "ibm_utl_dsa_dsytd3h-9.51_portable_rhel6_x86-64.bin" which is also used to do diagnostics tasks. I'm not sure of... (1 Reply)
Discussion started by: vaibhavvsk
1 Replies
8. Solaris
HI Community,
how can i configure audit logs for global zones and standard zone. i have enabled and started auditd service and it went to maintenance mode. please help me to configure that
Thanks & Regards,
BEn (9 Replies)
Discussion started by: bentech4u
9 Replies
9. UNIX for Beginners Questions & Answers
MyLOG:
2017/11/12 17:01:54.600 : Error: LPID: 3104680848 WRONG CRITERIA FOUND. tRealBuilder::Generate
Output Required:
If Ke word "WRONG CRITERIA FOUND" in latest log ( logs are regularly generating - real time) mail to us
once mailed wait for 2 hours for second mail.
mail subject... (3 Replies)
Discussion started by: vivekn
3 Replies
10. Solaris
Hi guys.
I have to set audit logs on certain events on a solaris 10 server.
While I had no problems on linux, I'm going crazy to do the same thing on solaris 10, since I don't have enough expertise on this OS .
I should be able to identify these 4 different events:
1: Tracking all... (2 Replies)
Discussion started by: menofmayhem
2 Replies
LEARN ABOUT OSF1
audit_setup
auditconfig(8) System Manager's Manual auditconfig(8)
NAME
auditconfig, audit_setup - Audit subsystem configuration graphical interface (Enhanced Security)
SYNOPSIS
/usr/sbin/sysman auditconfig
NOTE: The audit_setup utility has been replaced by the auditconfig graphical interface.
DESCRIPTION
The graphical user interface is used interactively to establish the audit environment on your system. The interface can be selected from
the Sysman menu, syman_station (including PC clients), or it can be started from the command line. See the sysman(8) and syman_station(8)
reference pages for more details.
If a kernel rebuild is required as part of the configuration, auditconf guides the user through the rebuild and reboot. The auditconfig
interface configures the following aspects of the audit subsystem: Location of the audit logs. The /var/audit/ directory is the default
area. Action for the audit subsystem to take if the file space allocated for audit logs is exhausted. Trimming of audit logs. Enable
accepting audit data from remote systems. Select the profiles/categories of events to be audited. Include environment strings with an or
system call.
You must be root to run
FILES
/etc/sec/event_aliases
A set of aliases by which logically related groupings of events can be constructed. You can modify this set of aliases to suit your
site's requirements.
/etc/sec/auditmask_style
Auditmask style selections.
/etc/sec/auditd_clients
A list of hosts from which audit data can be accepted.
/etc/sec/auditd_loc
A list of alternative locations in which auditd stores audit data when an overflow condition is reached.
/etc/sec/audit_events
A list of all security-relevant system calls and trusted (application) events. You can modify this file or use it as a template.
/etc/sec/file_objects/*
The list of files that auditconfig used to enable object selection or deselection.
/etc/rc.config.common
The cluster-wide rc variables for the audit subsystem.
/etc/sec/rc_audit_events
Used for input to for audit events during system initialization.
/etc/sec/fs_objects
Created when object (de)selection is derived from a profile(category). It contains the selected profile's entries of file objects.
RELATED INFORMATION
Commands: auditmask(8), auditd(8), sysman(8), sysman_station(8)
Security, System Administration delim off
auditconfig(8)