agent.kgb
I'll go over the articles you recommend. Thank you,
rbatte1
I don't see /etc/syslog.conf or /etc/rsyslog.conf in my server.
Instead I have /etc/syslog-ng. This file has multiple lines of filter and destination. Is this the same file as /etc/syslog.conf or /etc/rsyslog.conf and I have to cofigure?
You said, "Be aware that the files usually need to exist when the syslog daemon (re-)reads the config file."
Do you mean the files under /var/log such as messages and mail.info files?
IRS wants my company to capture below items and send them to a SYSLOG server which is LogRhythm server for auditing purposes. I'd like to capture any activity listed and send them to SYSLOG server(LogRhythm).
I created some test files and directories and users and dropped them. I expected to see these activies in /var/log/messages and /etc/audit/audit.log files but didn't see them. How to collect these information and send them to SYSLOG server? What do I change or add in /etc/sysconfig-ng file?
Thank you,
***List of Log information IRS requires to collect in SYSLOG***
Successful login and logoff attempts
Unsuccessful login and authorization attempts
All identification and authentication attempts
All actions, connections and requests performed by privileged users
All changes to logical access control authorities (e.g., rights, permissions
System changes with the potential to compromise the integrity of audit -policy configurations, security policy configurations and audit record generation services.
Creation, modification and deletion of objects including files, directories and user accounts
Creation, modification and deletion of user accounts and group accounts
Creation, modification and deletion of user account and group account privileges
The date of the system event; ii)the time of the system event; iii) the type of system event initiated; and
the user account, system account, service or process responsible for initiating the system event.
System start-up and shutdown functions.
Modifications to administrator account(s) and administrator group account(s)including: i) escalation of user account privileges
commensurate with administrator-equivalent account(s); and ii) adding or deleting users from the administrator group account(s).
enabling or disabling of audit report generation services
command line changes, batch file changes and queries made to the system (e.g., operating system, application, and database
*****Some content of /var/syslog-ng file/*************************
Moderator's Comments:
Please wrap all code, files, input & output/errors in CODE tags.
It makes them easier to read and preserves multiple spaces for indenting or fixed width data.
Last edited by rbatte1; 06-09-2015 at 01:34 PM..
Reason: Added CODE tags for config file. Converted text list to formatted list with LIST tags.
I am responsible for administering 6 Tru64UX servers.
I need to keep an eye on all the commands executed by all the users.
Is there a way where I can save the commands executed in a seperate folder and then keep checking the list every now and then.
How can do it ? (5 Replies)
Hi!! Experts,
I have a typical scenario here in which several users have access to a particular login .. say "build".
None of the users know the passwd for this login.
The name of some of the user have been to .rhosts file.
The users can connect only by doing a rlogin to this id and then... (4 Replies)
hi,
i need help writing shell scripts to define patterns of user activities on our apache.
i thought about going through logfiles and other places where user activities are stored and use that data to define patterns of action. i want these patterns to be visualized then.
now my... (3 Replies)
I need my for loop to do 2 things at a time. I have a script where I move the old files into archive directory and then i want to compress them. Presently I am using 2 for loops for it. How can i do it in 1 for loop.
Code:
after this i am compresing them in another for loop: (3 Replies)
Hello,
I'm administrating new installed cluster that runs Legato Networker and Oracle 9. And I want to restrict the use of root to my self and givr the application and DBA the proper and needed privileges to do their duties without hassle in addition I would like to log users activities.
my... (0 Replies)
Hi all,
I want to automate a set of activities i am doing daily.the activities in the order are:
1.loging in to the unix box.
2.sudo su - tsiap, give pwd
3. cd appsrv
4. cd log
5. run the below cmd one by one, if you find any query which has run for more than 5 secs, open the... (1 Reply)
How I can get the current make-file name in a make-file
So, if I run make with specified file:make -f target.mak
is it possible to have the 'target' inside of the that 'target.mak' from the file name? (2 Replies)
hi I need a shell script which runs perpetually in background and monitors different aspects of different users on different files and their usages
for example say there r 3 users
so i want when they log in i.e. their log in time and their file access, modify and change log of each file of a... (3 Replies)
Greetings to all.
I need help from the experts. I have been given a FTP server script that runs all day, looking for files that are FTP'd to our machines. Its hoaky I know, but there are times that files are sent but somehow get lost. Is there a logfile I can view to see when files are received?
... (1 Reply)
Dear Team
I am using DB2 v10 z/os database . Need expert guidance to figure out best way to track table activities ( Ex Delete, Insert,Update )
Scenario
We have a table which is critical and many developer/testing team access on daily basis . We had instance where some deleted entire table .... (1 Reply)