I am currently running HP-UX v11.3. I have enabled auditing and I am able to send the audit events to a text file in syslog format using the following command:
I am required to send the audit events to the SIEM appliance using syslog.
Kindly guide me on what I need to do to achieve the following:
Is there a similar solution for HP-UX, like what we have in Red Hat/CentOS/Fedora?
Your assistance will be highly appreciated.
Last edited by Franklin52; 11-30-2015 at 07:59 AM..
Reason: Please use code tags
Hi everybody !!
I want to do something and I can't figure it out. The idea is that a script should send an email when a backup is done.
It works with a unix account (like root) but what I really want is to send that email to another account like fede@somethig.com.
I have a mail server installed... (11 Replies)
Hi everybody, I'm writing to know what the following event stands for. I know that the following event is about a "su to root" action but I don't have any idea what action could raise this message. For example, if an action performed by the root crontab, a sudo command or something like that.... (1 Reply)
Hi,
The audit default config has no "authentication" so I added it:
General=USER_Login,USER_Logout,USER_SU,.............
I reset the audit with "audit shutdown". There's no event recorded with it; only all other events are recorded.
I check the events for USER_Login/USER_Logout:
.
.... (0 Replies)
Hi,
We have a server that is auditing actions executed, and then sends them to the syslog server.
But there are arguments issued to the commands in the audit trail, but there are no such arguments in the syslog output on the syslog server!
Example - I executed:
# ls -la
audit... (1 Reply)
Dear All:)
We want to send log message from Tomcat Log to Syslog. So we have configured as follows:
Our environment: Tomcat 5.5 with CentOS 5.6 Final version (32Bit)
log4j.properties file location:
/usr/share/tomcat5/common/classes
log4j-1.2.16.jar and commons-logging-1.1.1.jar... (2 Replies)
Dear All
When I start the AIX (6100-06) audit subsystem, the log is saved in /audit/stream.out (or /audit/trail), but by default, when /audit/stream.out grows to 150MB, it replaces the original /audit/stream.out (or /audit/trail).
Then the /audit/stream.out becomes empty and... (2 Replies)
Hi everyone,
How can I configure a single audit service in the global zone for all zones on Solaris BSM?
I will be glad to hear back from you.
Thanks and Regards (3 Replies)
Hi everyone,
I am trying to configure AIX 6.1 using syslogd to send syslog events to a syslog server configured on RHEL. However, RHEL never receives the events.
I have tried to redirect the syslog events on AIX to a local file and was successful. Only forwarding to the remote server fails.
Firewall... (10 Replies)
Discussion started by: michael_hoang
audusr
audusr(1M)
NAME
audusr - select users to audit
SYNOPSIS
user] ...] user] ...]
DESCRIPTION
audusr is used to specify users to be audited or excluded from auditing. The command only works for systems that have been converted to trusted mode.
To select users to audit on systems that have not been converted to trusted mode, use the command. See also audit(5), userdbset(1M),
userdb(4), and in security(4).
If no arguments are specified, audusr displays the audit setting of every user. audusr is restricted to privileged users.
Options
audusr recognizes the following options:
Audit the specified
user. The auditing system records audit records to the ``current'' audit file when the specified user executes audited
events or system calls. Use to specify events to be audited (see audevent(1M)).
Do not audit the specified
user.
Audit all users.
Do not audit any users.
The and options are mutually exclusive: that is, if is specified, cannot be specified; if is specified, cannot be specified.
Users specified with audusr are audited (or excluded from auditing) beginning with their next login session, until excluded from auditing (or
specified for auditing) with a subsequent audusr invocation. Users already logged into the system when audusr is invoked are unaffected during that
login session; however, any user who logs in after audusr is invoked is audited or excluded from auditing accordingly.
WARNINGS
HP-UX 11i Version 3 is the last release to support trusted systems functionality.
AUTHOR
audusr was developed by HP.
FILES
File containing flags to indicate whether users are audited.
SEE ALSO audevent(1M), userdbset(1M), setaudproc(2), audswitch(2), audwrite(2), security(4), userdb(4), audit(5).
TO BE OBSOLETED audusr(1M)