02-14-2014
Configuring 'auditd' service to not store the audit logs in /var partition
Hello all,
I've configured 'audit' service to send the audit logs to a remote log server (by using syslog plugin), which is working fine.
However, there is a problem. audit service also tries to write same information (but in binary format) in /var/audit path.
So, Is there anyway to stop audit service from storing the log files in /var partition and instead only use syslog to send the information to remote host ?
Thanks,
10 More Discussions You Might Find Interesting
1. HP-UX
Hello all!
During a network audit, I came across a host running a service on a high port (34604). Not recognizing the port, I used a tool called 'amap' (THC-AMAP - fast and reliable application fingerprint mapper) to fingerprint it.
This tool also did not fingerprint it correctly, but did... (2 Replies)
Discussion started by: dan.king
2 Replies
2. Filesystems, Disks and Memory
Hi
If You were the systems administrator of a mail server that services approximately 3,000 users. 2,000
users access their email via a POP-3 service, while the remaining 1,000 users access their email via a
Unix mail reader. Recently users have complained about speed of disk access, so a new 10... (1 Reply)
Discussion started by: semaphore
1 Replies
3. Linux
I have the auditd running and I need to send the audit logs to a remote syslog server.
Anyideas on how to do that? (1 Reply)
Discussion started by: jmathenge
1 Replies
4. Red Hat
Hi all
I am trying to add secure and audit logs to logrotate for a client whom wants the logs for a period of 6 months, compressed/zipped weekly for auditing.
I am terrible with logrotate and since there isn't default settings for both logs, I created two new entries in my /etc/logrotate.d/... (7 Replies)
Discussion started by: hedkandi
7 Replies
5. HP-UX
My /var partition is almost utilized ... Here am not sure where to release space now
OS/model : HP-UX B.11.11 U 9000/800
# bdf /var
Filesystem kbytes used avail %used Mounted on
/dev/vg00/lvol9 6144000 6142176 1824 100% /var
<root@pb>/var # du -sk * | sort -n |... (20 Replies)
Discussion started by: Shirishlnx
20 Replies
6. Solaris
Does anyone know if there is software written to view the audit logs generated by Solaris? I am referring the the logs created by auditd. It produces an unreadable log. I am familiar with auditreduce and praudit, but I am looking for something that produces a report, much like logwatch looks at the... (4 Replies)
Discussion started by: brownwrap
4 Replies
7. UNIX for Dummies Questions & Answers
Hi,
I have Solaris-10 (having multiple non global zones running on it). Its /var is getting full to 100% and I can see, there are files getting added to /var/audit. There are large in number, so even if I clearing them, it is filling /var. In past 24 hours, there are 53000 files are added. I am... (1 Reply)
Discussion started by: solaris_1977
1 Replies
8. Solaris
HI Community,
how can i configure audit logs for global zones and standard zone. i have enabled and started auditd service and it went to maintenance mode. please help me to configure that
Thanks & Regards,
BEn (9 Replies)
Discussion started by: bentech4u
9 Replies
9. Shell Programming and Scripting
I have been searching and reading about syslog. I would like to know how to Transfer the logs being thrown into /var/log/messages into another file example /var/log/volumelog.
tail -f /var/log/messages
dblogger: msg_to_dbrow: no logtype using missing
dblogger: msg_to_dbrow_str: val ==... (2 Replies)
Discussion started by: kenshinhimura
2 Replies
10. Solaris
Hi guys.
I have to set audit logs on certain events on a solaris 10 server.
While I had no problems on linux, I'm going crazy to do the same thing on solaris 10, since I don't have enough expertise on this OS .
I should be able to identify these 4 different events:
1: Tracking all... (2 Replies)
Discussion started by: menofmayhem
2 Replies
LEARN ABOUT X11R4
audit_data
audit_data(4) File Formats audit_data(4)
NAME
audit_data - current information on audit daemon
SYNOPSIS
/etc/security/audit_data
DESCRIPTION
The audit_data file contains information about the audit daemon. The file contains the process ID of the audit daemon, and the pathname of
the current audit log file. The format of the file is:
pid>:<pathname>
Where pid is the process ID for the audit daemon, and pathname is the full pathname for the current audit log file.
EXAMPLES
Example 1: A sample audit_data file.
64:/etc/security/audit/server1/19930506081249.19930506230945.bongos
FILES
/etc/security/audit_data
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Interface Stability |Obsolete |
+-----------------------------+-----------------------------+
SEE ALSO
audit(1M), auditd(1M), bsmconv(1M), audit(2), audit_control(4), audit.log(4)
NOTES
The functionality described on this manual page is internal to audit(1M) and might not be supported in a future release.
The auditd utility is the only supported mechanism to communicate with auditd(1M). The current audit log can be determined by examining the
configured audit directories. See audit_control(4).
The functionality described on this manual page is available only if the Basic Security Module (BSM) has been enabled. See bsmconv(1M) for
more information.
SunOS 5.10 14 Nov 2002 audit_data(4)