Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Secure & Audit logs
Operating Systems Linux Red Hat Secure & Audit logs Post 302587406 by hedkandi on Wednesday 4th of January 2012 10:03:15 PM
Old 01-04-2012
Sorry for that, got you confused too

Well, here's the requirement from the end user

1. to keep (certain system logs i.e-secure, messages, audit) logs for a period of 6 months (24 weeks)

Here's how I was planning on doing it

1. Rotate the logs for 24 weeks on weekly basis before removing them
2. But not before compressing the old logs weekly
So my logs would look like this

Code:
-rw------- 1 root root  1619422 Dec 5 04:02 messages.1.gz
-rw------- 1 root root 14822696 Dec 12 04:02 messages.2.gz
-rw------- 1 root root 15021180 Dec 19 04:02 messages.3.gz
-rw------- 1 root root 20300421 Dec 26 04:02 messages.4.gz
-rw------- 1 root root 13564183 Jan  2 11:52 messages.5.gz
-rw------- 1 root root 13564183 Jan  5 11:52 messages---------current log

The other way I was planning is it to rotate it on monthly basis:

1. Rotate the logs each month for 6 months before removing them
2. But not before compressing the old logs monthly

Code:
-rw------- 1 root root  1619422 Dec 2 04:02 messages.1.gz
-rw------- 1 root root 14822696 Jan 2 04:02 messages.2.gz
-rw------- 1 root root 15021180 Feb 2 04:02 messages.3.gz
-rw------- 1 root root 20300421 Mar 2 04:02 messages.4.gz
-rw------- 1 root root 13564183 Jan  2 11:52 messages.5.gz
-rw------- 1 root root 13564183 Jan  5 11:52 messages---------current log

Also I have about 4G of space on /var and if disk space is exhausted I can just add in another disk.

I know this will totally consume /var but they're really fussy about the logs so I have no choice but to keep them, however I can definitely housekeep these files if they grow too large and recall later from backup tapes..hope this is clear enough for your understanding Smilie
 

10 More Discussions You Might Find Interesting

1. Cybersecurity

Security & audit

I am new to the world of Unix. As part of my understanding to have a big picture of Unix, I need to understand: 1. How to review the existing unix system or audit for the settings? 2. How do I go about fixing the holes? (4 Replies)
Discussion started by: amundra
4 Replies

2. UNIX and Linux Applications

Secure FTP Client that Logs well

Folks I am on a quest.... I am looking for a lightweight FTP client capable of FTPS and or SFTP that has good audit and logging capabilities without requiring a central server component. My platforms are Linux, Solaris, AIX, and Windows Server. The kicker is I have found things that meet the... (3 Replies)
Discussion started by: ArtF
3 Replies

3. Solaris

how to find whether audit log is secure?

How do i find if audit logs is secured inside Solaris 10? · Verify that that audit log files are secured and owned appropriately. this is the question (1 Reply)
Discussion started by: werbotim
1 Replies

4. AIX

When AIX audit start, How to set the /audit/stream.out file size ?

Dear All When I start the AIX(6100-06)audit subsystem. the log will save in /audit/stream.out (or /audit/trail), but in default when /audit/stream.out to grow up to 150MB. It will replace the original /audit/stream.out (or /audit/trail). Then the /audit/stream.out become empty and... (2 Replies)
Discussion started by: nnnnnnine
2 Replies

5. Solaris

How to view audit logs in Solaris?

Does anyone know if there is software written to view the audit logs generated by Solaris? I am referring the the logs created by auditd. It produces an unreadable log. I am familiar with auditreduce and praudit, but I am looking for something that produces a report, much like logwatch looks at the... (4 Replies)
Discussion started by: brownwrap
4 Replies

6. Solaris

Configuring 'auditd' service to not store the audit logs in /var partition

Hello all, I've configured 'audit' service to send the audit logs to a remote log server (by using syslog plugin), which is working fine. However, there is a problem. audit service also tries to write same information (but in binary format) in /var/audit path. So, Is there anyway to stop... (2 Replies)
Discussion started by: Anti_Evil
2 Replies

7. Red Hat

Comprehensive Disk & Server Logs.

Hello All, I'm using a RHEL6.4 on IBM X3850 X5 server. I want to get a comprehensive report containing disk-wise health status as well as overall server status. I see there's utility "ibm_utl_dsa_dsytd3h-9.51_portable_rhel6_x86-64.bin" which is also used to do diagnostics tasks. I'm not sure of... (1 Reply)
Discussion started by: vaibhavvsk
1 Replies

8. Solaris

How can i enable audit logs for global zone and standard zones?

HI Community, how can i configure audit logs for global zones and standard zone. i have enabled and started auditd service and it went to maintenance mode. please help me to configure that Thanks & Regards, BEn (9 Replies)
Discussion started by: bentech4u
9 Replies

9. UNIX for Beginners Questions & Answers

Grep a pattern & Email from latest logs

MyLOG: 2017/11/12 17:01:54.600 : Error: LPID: 3104680848 WRONG CRITERIA FOUND. tRealBuilder::Generate Output Required: If Ke word "WRONG CRITERIA FOUND" in latest log ( logs are regularly generating - real time) mail to us once mailed wait for 2 hours for second mail. mail subject... (3 Replies)
Discussion started by: vivekn
3 Replies

10. Solaris

Settings audit logs for different tasks. Help me!!!

Hi guys. I have to set audit logs on certain events on a solaris 10 server. While I had no problems on linux, I'm going crazy to do the same thing on solaris 10, since I don't have enough expertise on this OS . I should be able to identify these 4 different events: 1: Tracking all... (2 Replies)
Discussion started by: menofmayhem
2 Replies

LEARN ABOUT DEBIAN

pmvarrun

pmvarrun(8)							     pam_mount							       pmvarrun(8)

Name
       pmvarrun - updates /var/run/pam_mount/user

Syntax
       pmvarrun -u user [options]

Description
       A  separate  program is needed so that /var/run/pam_mount/user may be created with a pam_mount-specific security context (otherwise SELinux
       policy will conflict with gdm, which also creates file in /var/run).

       pmvarrun is flexible and can run in a number of different security setups:

   root-root
       When pmvarrun is invoked as root, /var/run/pam_mount's permission settings can be as strict as needed; usually (0755,root,root) is  a  good
       pick  as  it  gives  users the debug control over their refcount. Refcount files are given their respective owners (chowned to the user who
       logs in).

   user-user
       When invoked as the user who logs in, /var/run/pam_mount needs appropriate permissions to create a file, which means the write bit must	be
       set. It is also highly suggested to set the sticky bit in this case, so other users do not tamper with your refcount.

   root-user
       Some  programs or login helpers incorrectly call the PAM stack in a way that the login phase is done as root and the logout phase as a nor-
       mal user.  Nevertheless, pmvarrun supports this, and the same permissions as in root-root can be used. While the user may not  be  able	to
       unlink his file from /var/run/pam_mount, it will be truncated to indicate the same state.

Options
       --help, -h
	      Display help.

       --user user, -u user
	      User to handle, must be a valid username.

       --operation number, -o number
	      Increase volume count by number.

       -d     Turn on debugging.

Files
       /var/run/pam_mount/user

Author
       This  manpage  was originally written by Bastian Kleineidam <calvin@debian.org> for the Debian distribution of libpam-mount but may be used
       by others.

       See /usr/share/doc/packages/libpam-mount/copyright for the list of original authors of pam_mount.

pam_mount							    2008-10-08							       pmvarrun(8)
All times are GMT -4. The time now is 03:12 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy