07-08-2013
I am aware that by using 'lastcomm' command, we can able to get the details such as user, execution time etc, but we couldn't capture the filenames and their paths. Do we have any such alternative way to find out the details together ?
Thanks in advance
10 More Discussions You Might Find Interesting
1. Programming
I am writing a program in C.
It is kind of a daemon process.
In this program, at the end of every 2 hours,
i need to fire an event. How can i achieve this
timer effect in my program? (1 Reply)
Discussion started by: Nadeem Mistry
1 Replies
2. Shell Programming and Scripting
Hi,
I'm automatically FTPing few files daily as a cron job to a remote server.
I wanted to know if there is a way to log the successful transfer in a log on the remote server?
The log on the remote server should look something like this.
10/30/2006 00:00:02 - File 1 transferred... (0 Replies)
Discussion started by: dayanand
0 Replies
3. Shell Programming and Scripting
Why is my awk script not firing and how can I confirm?
#!/usr/bin/ksh
# LU 5 FEB 2007 12:35
OLDDATE=`cat TIMEFILE`
for FILE in `find /home/Upload -prune -type f -newer TIMEFILE`
do
gawk -f convert_sun.awk "/home/Upload/$FILE"
done
date > TIMEFILE (5 Replies)
Discussion started by: goodmis
5 Replies
4. Solaris
I got a lot of this message in my /var/audit log
how can I exclude this message?
header,127,2,invalid event number,fe,hostsol1.com.sg,2007-12-21 00:10:01.001 +08:00,argument,1,0x5,processor ID,argument
,2,0x3,flag,text,P_STATUS,subject,zhang1,root,root,root,root,18228,576129155,291 131094... (1 Reply)
Discussion started by: geoffry
1 Replies
5. AIX
I need to run a DC wide audit of some oracle filesystems to ensure their all on SAN. In linux its pretty easy since its LVM device structure includes the VG for which that lv is part of (/dev/VGFOO/lv-bar). As such I can just run mount and do some greping to get the needed info.
SO my question... (2 Replies)
Discussion started by: Mattchewie
2 Replies
6. Solaris
hi all,
i enabled audit in my server it is working fine, now i want to delete old logs from audit file ,plz find a solution for it,
Regards
spandan (2 Replies)
Discussion started by: spandhan
2 Replies
7. AIX
Dear All
When I start the AIX(6100-06)audit subsystem.
the log will save in /audit/stream.out (or /audit/trail), but in default when /audit/stream.out to grow up to 150MB.
It will replace the original /audit/stream.out (or /audit/trail).
Then the /audit/stream.out become empty and... (2 Replies)
Discussion started by: nnnnnnine
2 Replies
8. Red Hat
Hi,
I'm fairly new to administering RedHat (or any Linux system for that matter), and was wondering if someone could help me work out how to best manage audit logs.
In a nutshell, this is what I need to do:
- Compress audit.log file(s) once a month and delete the originals
- The... (0 Replies)
Discussion started by: Seonix
0 Replies
9. SuSE
Dear users,
I have SLES 11 and SLES 10 servers.
I'd like to receive an alert when audit log files reach certain percentage of full.
1. Is '/etc/audit/auditd.conf' the right file to modify?
2. I'd like to receive email alert. Can I specify my email in this parameter 'action_mail_acct... (1 Reply)
Discussion started by: JDBA
1 Replies
10. Shell Programming and Scripting
I am trying to parse the audit log to find a particular date that associated with a user record. The Date and the context of the record that I need to extract from the audit.log are 11-07-2015, the username and the activity he or she performed that day.
Here is my code:
grep -c date -d... (3 Replies)
Discussion started by: dellanicholson
3 Replies
LEARN ABOUT MOJAVE
auditd
AUDITD(8) BSD System Manager's Manual AUDITD(8)
NAME
auditd -- audit log management daemon
SYNOPSIS
auditd [-d | -l]
DESCRIPTION
The auditd daemon responds to requests from the audit(8) utility and notifications from the kernel. It manages the resulting audit log files
and specified log file locations.
The options are as follows:
-d Starts the daemon in debug mode -- it will not daemonize.
-l This option is for when auditd is configured to start on-demand using launchd(8).
Optionally, the audit review group "audit" may be created. Non-privileged users that are members of this group may read the audit trail log
files.
NOTE
To assure uninterrupted audit support, the auditd daemon should not be started and stopped manually. Instead, the audit(8) command should be
used to inform the daemon to change state/configuration after altering the audit_control file.
If auditd is started on-demand by launchd(8) then auditing should only be started and stopped with audit(8).
On Mac OS X, auditd uses the asl(3) API for writing system log messages. Therefore, only the audit administrator and members of the audit
review group will be able to read the system log entries.
FILES
/var/audit Default directory for storing audit log files.
/etc/security The directory containing the auditing configuration files audit_class(5), audit_control(5), audit_event(5), and audit_warn(5).
COMPATIBILITY
The historical -h and -s flags are now configured using audit_control(5) policy flags ahlt and cnt, and are no longer available as arguments
to auditd.
SEE ALSO
asl(3), libauditd(3), audit(4), audit_class(5), audit_control(5), audit_event(5), audit_warn(5), audit(8), launchd(8)
HISTORY
The OpenBSM implementation was created by McAfee Research, the security division of McAfee Inc., under contract to Apple Computer Inc. in
2004. It was subsequently adopted by the TrustedBSD Project as the foundation for the OpenBSM distribution.
AUTHORS
This software was created by McAfee Research, the security research division of McAfee, Inc., under contract to Apple Computer Inc. Addi-
tional authors include Wayne Salamon, Robert Watson, and SPARTA Inc.
The Basic Security Module (BSM) interface to audit records and audit event stream format were defined by Sun Microsystems.
BSD
December 11, 2008 BSD