Full Discussion: Send Audit Events to Syslog
Operating Systems HP-UX Send Audit Events to Syslog Post 302961463 by peter maisiba on Sunday 29th of November 2015 10:12:11 PM
Send Audit Events to Syslog

Hi guys,

I am currently running hp-ux v11.3. I have enabled auditing and I am able to send the audit events to a text file in syslog format using the following command:
Code:
audisp -r /var/.audit/audtrail/auditfile -P -o follow -O sync | audit_p2l > /var/adm/auditlog

I am required to send the audit events to the SIEM appliance using syslog.

Kindly guide me on what I need to do to achieve the following:
Code:
  1. Make the syslog on the HP-UX server to send the events in this file /var/adm/auditlog to the SIEM
  2. Make the audit events to be sent to the syslog directly without running the above command.

Is there a similar solution for HP-UX like what we have in redhat/centos/fedora?

Your assistance will be highly appreciated.

Last edited by Franklin52; 11-30-2015 at 07:59 AM.. Reason: Please use code tags
 

Razor2::Syslog(3)        User Contributed Perl Documentation        Razor2::Syslog(3)

NAME
    Razor2::Syslog -- Syslog support for Razor2

SYNOPSIS
    use Razor2::Syslog;
    my $s=new Razor2::Syslog(Facility=>'local4',Priority=>'debug');
    $s->send('see this in syslog',Priority=>'info');

DESCRIPTION
    This module has been derived from Net::Syslog. Some optimizations were made to Net::Syslog, in particular support for keeping a socket open. What follows is the documentation for Net::Syslog, which completely applies to this module.

    Net::Syslog implements the intra-host syslog forwarding protocol. It is not intended to replace the Sys::Syslog or Unix::Syslog modules, but instead to provide a method of using syslog when a local syslogd is unavailable or when you don't want to write syslog messages to the local syslog.

    The new call sets up default values, any of which can be overridden in the send call. Keys (listed with default values) are:

        Name        <calling script name>
        Facility    local5
        Priority    err
        SyslogPort  514
        SyslogHost  127.0.0.1

    Valid Facilities are: kern, user, mail, daemon, auth, syslog, lpr, news, uucp, cron, authpriv, ftp, local0, local1, local2, local3, local4, local5, local6

    Valid Priorities are: emerg, alert, crit, err, warning, notice, info, debug

AUTHOR
    Les Howard, les@lesandchris.com
    Vipul Ved Prakash, mail@vipul.net

SEE ALSO
    syslog(3), Sys::Syslog(3), syslogd(8), Unix::Syslog(3), IO::Socket, perl(1)

perl v5.12.1                        2005-05-09                        Razor2::Syslog(3)
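
As an added example (not part of the original post and not code from Razor2::Syslog or Net::Syslog), the following Python code shows what a sender of the kind this man page describes puts on the wire when the lines of a file such as /var/adm/auditlog are forwarded to a collector without going through the local syslogd. The defaults mirror the man page (local5, err, port 514, 127.0.0.1); the tag name `audit`, the sample records, and the conventional BSD `<PRI>name[pid]: msg` layout are assumptions of this example.

```python
import os
import socket

# Standard syslog facility and severity codes for the names the man page lists.
FACILITIES = {"kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4,
              "syslog": 5, "lpr": 6, "news": 7, "uucp": 8, "cron": 9,
              "authpriv": 10, "ftp": 11,
              **{f"local{i}": 16 + i for i in range(8)}}
PRIORITIES = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
              "warning": 4, "notice": 5, "info": 6, "debug": 7}

MAX_MSG = 1024  # traditional BSD syslog datagram size limit


def build_packet(msg, facility="local5", priority="err", name="audit", pid=None):
    """Return one BSD-syslog datagram: <PRI>name[pid]: msg (assumed layout)."""
    pri = FACILITIES[facility] * 8 + PRIORITIES[priority]
    pid = os.getpid() if pid is None else pid
    # Flatten CR/LF so a value inside an audit record cannot start a second,
    # forged log line at the collector.
    clean = msg.replace("\r", " ").replace("\n", " ").strip()
    return f"<{pri}>{name}[{pid}]: {clean}".encode("utf-8", "replace")[:MAX_MSG]


def forward(lines, host="127.0.0.1", port=514, **kw):
    """Send each non-empty line as its own UDP datagram; return the count sent."""
    sent = 0
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for line in lines:
            if line.strip():
                sock.sendto(build_packet(line, **kw), (host, port))
                sent += 1
    return sent


# Constructed sample lines standing in for /var/adm/auditlog content.
SAMPLE = ["constructed audit record 1: event=open user=root result=success\n",
          "\n",
          "constructed audit record 2: event=login user=op1 result=failure\n"]

if __name__ == "__main__":
    # Show the datagram for the first sample record without sending anything.
    print(build_packet(SAMPLE[0], facility="local4", priority="info", pid=1))
```

UDP syslog gives no delivery guarantee, ordering, or confidentiality, so the audit trail file on the host remains the record of truth and the forwarded copy is for detection.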