Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Secure & Audit logs
Operating Systems Linux Red Hat Secure & Audit logs Post 302587646 by verdepollo on Thursday 5th of January 2012 12:29:56 PM
Old 01-05-2012
Well, seems you've already figured out how to solve it, am I right?

If you just want to hear an opinion, both options are OK. Try them both and see which one fits better to your preference. That's the beauty of linux, there are a plethora of ways to solve a single problem.
This User Gave Thanks to verdepollo For This Post:
hedkandi
 

10 More Discussions You Might Find Interesting

1. Cybersecurity

Security & audit

I am new to the world of Unix. As part of my understanding to have a big picture of Unix, I need to understand: 1. How to review the existing unix system or audit for the settings? 2. How do I go about fixing the holes? (4 Replies)
Discussion started by: amundra
4 Replies

2. UNIX and Linux Applications

Secure FTP Client that Logs well

Folks I am on a quest.... I am looking for a lightweight FTP client capable of FTPS and or SFTP that has good audit and logging capabilities without requiring a central server component. My platforms are Linux, Solaris, AIX, and Windows Server. The kicker is I have found things that meet the... (3 Replies)
Discussion started by: ArtF
3 Replies

3. Solaris

how to find whether audit log is secure?

How do i find if audit logs is secured inside Solaris 10? · Verify that that audit log files are secured and owned appropriately. this is the question (1 Reply)
Discussion started by: werbotim
1 Replies

4. AIX

When AIX audit start, How to set the /audit/stream.out file size ?

Dear All When I start the AIX(6100-06)audit subsystem. the log will save in /audit/stream.out (or /audit/trail), but in default when /audit/stream.out to grow up to 150MB. It will replace the original /audit/stream.out (or /audit/trail). Then the /audit/stream.out become empty and... (2 Replies)
Discussion started by: nnnnnnine
2 Replies

5. Solaris

How to view audit logs in Solaris?

Does anyone know if there is software written to view the audit logs generated by Solaris? I am referring the the logs created by auditd. It produces an unreadable log. I am familiar with auditreduce and praudit, but I am looking for something that produces a report, much like logwatch looks at the... (4 Replies)
Discussion started by: brownwrap
4 Replies

6. Solaris

Configuring 'auditd' service to not store the audit logs in /var partition

Hello all, I've configured 'audit' service to send the audit logs to a remote log server (by using syslog plugin), which is working fine. However, there is a problem. audit service also tries to write same information (but in binary format) in /var/audit path. So, Is there anyway to stop... (2 Replies)
Discussion started by: Anti_Evil
2 Replies

7. Red Hat

Comprehensive Disk & Server Logs.

Hello All, I'm using a RHEL6.4 on IBM X3850 X5 server. I want to get a comprehensive report containing disk-wise health status as well as overall server status. I see there's utility "ibm_utl_dsa_dsytd3h-9.51_portable_rhel6_x86-64.bin" which is also used to do diagnostics tasks. I'm not sure of... (1 Reply)
Discussion started by: vaibhavvsk
1 Replies

8. Solaris

How can i enable audit logs for global zone and standard zones?

HI Community, how can i configure audit logs for global zones and standard zone. i have enabled and started auditd service and it went to maintenance mode. please help me to configure that Thanks & Regards, BEn (9 Replies)
Discussion started by: bentech4u
9 Replies

9. UNIX for Beginners Questions & Answers

Grep a pattern & Email from latest logs

MyLOG: 2017/11/12 17:01:54.600 : Error: LPID: 3104680848 WRONG CRITERIA FOUND. tRealBuilder::Generate Output Required: If Ke word "WRONG CRITERIA FOUND" in latest log ( logs are regularly generating - real time) mail to us once mailed wait for 2 hours for second mail. mail subject... (3 Replies)
Discussion started by: vivekn
3 Replies

10. Solaris

Settings audit logs for different tasks. Help me!!!

Hi guys. I have to set audit logs on certain events on a solaris 10 server. While I had no problems on linux, I'm going crazy to do the same thing on solaris 10, since I don't have enough expertise on this OS . I should be able to identify these 4 different events: 1: Tracking all... (2 Replies)
Discussion started by: menofmayhem
2 Replies

LEARN ABOUT OSF1

audit_setup

auditconfig(8)						      System Manager's Manual						    auditconfig(8)

NAME

       auditconfig, audit_setup - Audit subsystem configuration graphical interface (Enhanced Security)

SYNOPSIS

       /usr/sbin/sysman auditconfig

       NOTE:  The audit_setup utility has been replaced by the auditconfig graphical interface.

DESCRIPTION

       The  graphical  user interface is used interactively to establish the audit environment on your system.	The interface can be selected from
       the Sysman menu, syman_station (including PC clients), or it can be started from the command line.  See the sysman(8) and  syman_station(8)
       reference pages for more details.

       If  a  kernel  rebuild is required as part of the configuration, auditconf guides the user through the rebuild and reboot.  The auditconfig
       interface configures the following aspects of the audit subsystem: Location of the audit logs.  The /var/audit/ directory  is  the  default
       area.   Action  for  the  audit subsystem to take if the file space allocated for audit logs is exhausted.  Trimming of audit logs.  Enable
       accepting audit data from remote systems.  Select the profiles/categories of events to be audited.  Include environment strings with an	or
       system call.

       You must be root to run

FILES

       /etc/sec/event_aliases
	      A set of aliases by which logically related groupings of events can be constructed.  You can modify this set of aliases to suit your
	      site's requirements.

       /etc/sec/auditmask_style
	      Auditmask style selections.

       /etc/sec/auditd_clients
	      A list of hosts from which audit data can be accepted.

       /etc/sec/auditd_loc
	      A list of alternative locations in which auditd stores audit data when an overflow condition is reached.

       /etc/sec/audit_events
	      A list of all security-relevant system calls and trusted (application) events.  You can modify this file or use it as a template.

       /etc/sec/file_objects/*
	      The list of files that auditconfig used to enable object selection or deselection.

       /etc/rc.config.common
	      The cluster-wide rc variables for the audit subsystem.

       /etc/sec/rc_audit_events
	      Used for input to for audit events during system initialization.

       /etc/sec/fs_objects
	      Created when object (de)selection is derived from a profile(category).  It contains the selected profile's entries of file objects.

RELATED INFORMATION

       Commands: auditmask(8), auditd(8), sysman(8), sysman_station(8)
       Security, System Administration delim off

																    auditconfig(8)
All times are GMT -4. The time now is 09:31 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy