Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Send Audit Events to Syslog
Operating Systems HP-UX Send Audit Events to Syslog Post 302961463 by peter maisiba on Sunday 29th of November 2015 10:12:11 PM
Old 11-29-2015
Send Audit Events to Syslog
Hi guys,

I am currently runnig hp-ux v11.3. I have enabled auditing and I am able to send the audit events to a text file in syslog format using the following command:
Code:
audisp -r /var/.audit/audtrail/auditfile -P -o follow -O sync | audit_p2l > /var/adm/auditlog

I am required to send the audit events to the SIEM appliance using syslog.

Kindly guide me on what I need to do to achieve the following:
Code:
  1. Make the syslog on the HP-UX server to send the events in this file  /var/adm/auditlog to the SIEM
    2. 

  2. Make the audit events to sent to the syslog directly without running the above command.
    3.

Is there a similar solution for HP-UX like what we have in redhat/centos/fedora.

Your assistance will be highly appreciated.
Last edited by Franklin52; 11-30-2015 at 07:59 AM.. Reason: Please use code tags
 

8 More Discussions You Might Find Interesting

1. How do I send email?

events send mail to admin -

Hi everybody !! I want to do something and I can't figure out. The idea is that a script should send an email when a backup is done. It works with a unix account (like root) but what I really want is to send that email to other account like fede@somethig.com. I have a mail server installed... (11 Replies)
Discussion started by: piltrafa
11 Replies

2. Cybersecurity

Syslog events meanings

Hi everybody, I'm writing to know what the following event stands for. I know that the following event is about a "su to root" action but I don't have any Idea about what action could rise this message. For example If an acction performed by the root crontab, a sudo command or something like that.... (1 Reply)
Discussion started by: PVelazco
1 Replies

3. AIX

audit with streammode and userlogin events

Hi, The audit default config has no "authentication" so I added it: General=USER_Login,USER_Logout,USER_SU,............. I reset the audit with "audit shutdown". There's no event recorded with it only all other events are recorder. I check the events for USER_Login/USER_Logout: . .... (0 Replies)
Discussion started by: itik
0 Replies

4. Solaris

Solaris audit to syslog - where is arguments to the commands executed?

Hi, we have server, that is auditing actions executed, and then sends them to the syslog server. But there is arguments to issued to the commands in the audit trail, but there is no such arguments in the syslog output on the syslog server! Example - I executed: # ls -la audit... (1 Reply)
Discussion started by: masloff
1 Replies

5. Linux

How to send from Tomcat log (catelina.out) to Syslog?

Dear All:) We want to send log message from Tomcat Log to Syslog. So we have configured as follows: Our environment: Tomcat 5.5 with CentOS 5.6 Final version (32Bit) log4j.properties file location: /usr/share/tomcat5/common/classes log4j-1.2.16.jar and commons-logging-1.1.1.jar... (2 Replies)
Discussion started by: ziosnim
2 Replies

6. AIX

When AIX audit start, How to set the /audit/stream.out file size ?

Dear All When I start the AIX(6100-06)audit subsystem. the log will save in /audit/stream.out (or /audit/trail), but in default when /audit/stream.out to grow up to 150MB. It will replace the original /audit/stream.out (or /audit/trail). Then the /audit/stream.out become empty and... (2 Replies)
Discussion started by: nnnnnnine
2 Replies

7. Solaris

how to configure a audit in global zone that will audit all the zone

Hi everyone, how i can configure a single audit service in the global zone for all zones, on solaris BSM. I will be glad to hear back from you. Thanks and Regards (3 Replies)
Discussion started by: ladondo
3 Replies

8. AIX

Cannot send syslog event from AIX 6.1 to RHEL Syslog server

Hi everyone, I am trying to configure AIX 6.1 using syslogd to send syslog event to syslog server configured on RHEL. However, RHEL never receives the events. I have tried to redirect the syslog event on AIX to a local file and successful. Only forwarding to remote server fails. Firewall... (10 Replies)
Discussion started by: michael_hoang
10 Replies

LEARN ABOUT HPUX

audusr

audusr(1M)																audusr(1M)

NAME

       audusr - select users to audit

SYNOPSIS

       user] ...] user] ...]

DESCRIPTION

       is  used  to specify users to be audited or excluded from auditing.  The command only works for systems that have been converted to trusted
       mode.

       To select users to audit on systems that have not been converted to trusted mode, use  the  command.   See  also  audit(5),  userdbset(1M),
       userdb(4), and in security(4).

       If no arguments are specified, displays the audit setting of every user.  is restricted to privileged users.

   Options
       recognizes the following options:

	      Audit the specified
			user.	The  auditing  system records audit records to the ``current'' audit file when the specified user executes audited
			events or system calls.  Use to specify events to be audited (see audevent(1M)).

	      Do not audit the specified
			user.

	      Audit all users.

	      Do not audit any users.

       The and options are mutually exclusive: that is, if is specified, cannot be specified; if is specified, cannot be specified.

       Users specified with are audited (or excluded from auditing) beginning with their next login session,  until  excluded  from  auditing  (or
       specified  for  auditing)  with	a  subsequent invocation.  Users already logged into the system when is invoked are unaffected during that
       login session; however, any user who logs in after is invoked is audited or excluded from auditing accordingly.

WARNINGS

       HP-UX 11i Version 3 is the last release to support trusted systems functionality.

AUTHOR

       was developed by HP.

FILES

       File containing flags to indicate whether users are audited.

SEE ALSO

       audevent(1M), userdbset(1M), setaudproc(2), audswitch(2), audwrite(2), security(4), userdb(4), audit(5).

								  TO BE OBSOLETED							audusr(1M)
All times are GMT -4. The time now is 07:38 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy