Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: How can i track the Communication between LPARs?
Operating Systems AIX How can i track the Communication between LPARs? Post 302801483 by -=XrAy=- on Thursday 2nd of May 2013 05:05:02 AM
Old 05-02-2013
Hi,

i'm not a specalist in these security features of AIX. But as far as i know, you have to configure the audit subsystem and the syslog facility to get these information.

Auditing and Accounting on AIX - IBM Redbooks

Here you can define which file in which way should be monitored:
Example: [/etc/security/audit/objects]
Code:
/etc/security/audit/config:
        w = "AUD_CONFIG_WR"

/etc/security/audit/objects:
        w = "FILE_Open"

/etc/syslog.conf:
        w = "FILE_Open"

/etc/passwd:
        w = "PASSWORD_Change"

A successfull configuration will generate a entry in /var/adm/authlog like:
Code:
May  2 10:51:13 xxxxxxxxx auth|security:notice audit: FILE_Open ; root ; OK ; Global ;   write event detected ;/etc/security/tsd/tsd.dat

You also need to configure your syslog facility to get the required information.
Example: [/etc/syslog.conf]
Code:
auth.info                                /var/adm/authlog rotate size 5m files 10

Restart syslogd:
Code:
stopsrc -s syslogd
startsrc -s syslogd

Finally the "last" command will give you some informationen about (previous) logins.

Hope this helps a bit...
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Possible to track FTP user last login? Last and Finger don't track them.

Like the topic says, does anyone know if it is possible to check to see when an FTP only user has logged in? Because the shell is /bin/false and they are only using FTP to access the system doing a "finger" or "last" it says they have never logged in. Is there a way to see when ftp users log in... (1 Reply)
Discussion started by: LordJezo
1 Replies

2. AIX

Virtual Ethernet VIO HMC LPARs

Hi, I am little confused about the virtual Ethernet configuration on VIO and Client Partitions. There is alot of info on the internet but it gets more confusing.... If I have LHEA, it is very simple. Just assign LHEA (logical host ethernet adapter) to client partition -> run smitty tcpip and... (10 Replies)
Discussion started by: filosophizer
10 Replies

3. AIX

Inherited VIO server an LPARs

Lucky me, someone has installed a server and got it running with the best intentions, but leaving me a headache. :wall: We have a simple p520 with 4 disks. 2x145Gb & 2x300Gb. The smaller disk pair have been built into a VIO mirrored rootvg, and quite right too. The other two disks form a... (3 Replies)
Discussion started by: rbatte1
3 Replies

4. AIX

Shared Disk in VIOS between two LPARs ?

is there any way to create shared virtual disk between two LPARs like how you can do it using Storage through Fiber on two servers ? Trying to stimulate HACMP between two LPARs (1 Reply)
Discussion started by: filosophizer
1 Replies

5. AIX

Simple questions about LPARs

Hello, I am looking into virtualizing AIX 7.1 on our p7 machine that already has AIX 7.1 installed on it. I have a few questions about them: 1) In order to gain LPAR functionality, do I need to purchase PowerVM software? 2) I read that LPARs are managed from locally attached graphical... (1 Reply)
Discussion started by: bstring
1 Replies

6. AIX

Cloning OS using alt_disk_install to new LPARs

Hi Folks, I am working on a task - Cloning the OS from fullSystem partition to 3 new LPAR's using alt_disk_install. I just wanted to clarify my steps here. 1. alt_disk_install -CBO hdisk1 and rename it to alt1 2. alt_disk_install -CBO hdisk2 and rename it to alt2 3. alt_disk_install... (4 Replies)
Discussion started by: snchaudhari2
4 Replies

7. AIX

Creating LPARS in AIX

Hi, I have a p520 with 2 cpus and 10gb of ram.Is it sufficient enough to create 2 lpars.What other things we have to check. (2 Replies)
Discussion started by: sekar52
2 Replies

8. AIX

Automation of AIX LPARs reboot

Hello Everyone, Can you please help me with the following questions regarding recycling LPARs. 1) Is it recommended to automate the reboot of AIX LPARs with a script ? i mean we've few App LPARs and Database LPARs. we would like to bring down LPARs on last sunday of every month for about 1... (4 Replies)
Discussion started by: System Admin 77
4 Replies

9. AIX

Is it must to enable TCB on AIX LPARs ?

Hi, I've verified my AIX 7.1 LPAR , and TCB is disabled by default. #odmget -q attribute=TCB_STATE PdAt PdAt: uniquetype = "" attribute = "TCB_STATE" deflt = "tcb_disabled" values = "" width = "" type = "" generic = "" ... (3 Replies)
Discussion started by: System Admin 77
3 Replies

10. AIX

Changing VLAN on AIX lpars in the same subnet

Hi Guys, Our lpars is currently running on 2 different vlans (20, 30). Now we have a requirement that vlan 30 needs to be change to vlan 31 at the same subnet. I'm not sure on what is the best approach for this or what change is involve on the AIX side. This is our setup. Network switch -... (5 Replies)
Discussion started by: kaelu26
5 Replies

LEARN ABOUT OSF1

syslog.conf

syslog.conf(4)						     Kernel Interfaces Manual						    syslog.conf(4)

NAME

       syslog.conf - syslogd configuration file

SYNOPSIS

       facility.severity	     destination  Where: Is part of the system generating the message, specified in /usr/include/sys/syslog_pri.h.
       See also the syslogd(8) reference page.	The severity level, which can be emerg, alert, crit, err, warning, notice, info,  or  debug.   See
       /usr/include/sys/syslog_pri.h.

	      The  syslogd  daemon  logs  all  messages of the specified severity level plus all messages of greater severity. For example, if you
	      specify level err, all messages of levels err, crit, alert, and emerg or panic are logged.  A local file pathname to a log  file,  a
	      host  name  for  remote logging or a list of users.  In the latter case the users will receive messages when they are logged in.	An
	      asterisk (*) causes a message to be sent to all users who are currently logged in.

DESCRIPTION

       The /etc/syslog.conf file is a system file that enables you to configure or filter events that are to be logged by syslogd. You can specify
       more than one facility and its severity level by separating them with semicolons.

       You can specify more than one facility logs to the same file by separating the facilities with commas, as shown in the EXAMPLES section.

       The  syslogd  daemon ignores blank lines and lines that begin with an octothorpe (#). You can specify # as the first character in a line to
       include comments in the file or to disable an entry. The facility and severity level are separated from the destination by one or more  tab
       characters.

       If  you	want the syslogd daemon to use a configuration file other than the default, you must specify the file name with the following com-
       mand: # syslogd -f config_file

   Daily Log Files
       You can specify in the /etc/syslog.conf file that the syslogd daemon create daily log files. To create daily log files, use  the  following
       syntax  to specify the path name of the message destination: /var/adm/syslog.dated/ { file} The file variable specifies the name of the log
       file, for example, mail.log or kern.log.  If you specify a /var/adm/syslog.dated/file path name destination, each day  the  syslogd  daemon
       creates	a  sub-directory  under  the  /var/adm/syslog.dated  directory	and  a	log file in the sub-directory, using the following syntax:
       /var/adm/syslog.dated/ date / file Where: The date variable specifies the day, month, and time that the log file  was  created.	 The  file
       variable  specifies  the name of the log file you previously specified in the /etc/syslog.conf file.  The syslogd daemon automatically cre-
       ates a new date directory every 24 hours and also when you boot the system. The current directory is a link to the latest  date	directory.
       To get the latest logs, you only need to reference the /var/adm/syslog.dated/current directory.

EXAMPLES

       The  following  is  a  sample /etc/syslog.conf file: # # syslogd config file # # facilities: kern user mail daemon auth syslog lpr binary #
       priorities: emerg  alert  crit  err  warning  notice  info  debug  #  kern.debug  /var/adm/syslog.dated/kern.log  user.debug  /var/adm/sys-
       log.dated/user.log  daemon.debug  /var/adm/syslog.dated/daemon.log  auth.crit;syslog.debug  /var/adm/syslog.dated/syslog.log mail,lpr.debug
       /var/adm/syslog.dated/misc.log msgbuf.err /var/adm/crash.dated/msgbuf.savecore kern.debug /var/adm/messages kern.debug /dev/console *.emerg
       *

FILES

       /etc/syslog.conf
       /etc/syslog.auth - Authorization file for remote logging.
       /usr/include/sys/syslog_pri.h - Common components of a syslog event log record.

RELATED INFORMATION

       Commands: /usr/sbin/syslogd(8), /usr/sbin/binlogd(8)

       System Administration delim off

																    syslog.conf(4)
All times are GMT -4. The time now is 03:03 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy