|
|
Sponsored Content
Top Forums
Shell Programming and Scripting
Parse audit log
Post 302961546 by agent.kgb on Tuesday 1st of December 2015 04:28:13 AM
12-01-2015
|
|
10 More Discussions You Might Find Interesting
1. Solaris
I got a lot of this message in my /var/audit log
how can I exclude this message?
header,127,2,invalid event number,fe,hostsol1.com.sg,2007-12-21 00:10:01.001 +08:00,argument,1,0x5,processor ID,argument
,2,0x3,flag,text,P_STATUS,subject,zhang1,root,root,root,root,18228,576129155,291 131094... (1 Reply)
Discussion started by: geoffry
1 Replies
2. AIX
Hi guys,
I've googled this quite a bit, and tried searching on these forums, but haven't found a solution to my problem. I wanted to inquire about AIX's audit subsystem - more specifically, how to rotate its log file.
So far I've been able to find how to rotate AIX syslog log files, and I... (2 Replies)
Discussion started by: w1r3d
2 Replies
3. Solaris
hi all,
i enabled audit in my server it is working fine, now i want to delete old logs from audit file ,plz find a solution for it,
Regards
spandan (2 Replies)
Discussion started by: spandhan
2 Replies
4. Cybersecurity
Hi,
I keep encountering events in the BSM/C2 logs which shows that the audit-user who performed the event is the user (e.g. ongkk in the example below). However, the user is able to show me that he wasn't logged in at that time nor have the rights to perform the event (e.g. su in this example).... (5 Replies)
Discussion started by: BERNIELEE68
5 Replies
5. Solaris
I am aware that the timestamps of the audit log files are in the following format :
file, 2011-09-13 07:40:24 .000 -4
Is there anyway that I can display the timestamps in local time format.
Thanks for the help.
---------- Post updated at 02:18 PM ---------- Previous update was at 01:06... (0 Replies)
Discussion started by: chinchao
0 Replies
6. Solaris
How do i find if audit logs is secured inside Solaris 10?
· Verify that that audit log files are secured and owned appropriately.
this is the question (1 Reply)
Discussion started by: werbotim
1 Replies
7. AIX
Dear All
When I start the AIX(6100-06)audit subsystem.
the log will save in /audit/stream.out (or /audit/trail), but in default when /audit/stream.out to grow up to 150MB.
It will replace the original /audit/stream.out (or /audit/trail).
Then the /audit/stream.out become empty and... (2 Replies)
Discussion started by: nnnnnnine
2 Replies
8. Shell Programming and Scripting
Hi, everyone
I would like to write ksh script in ksh (HP-UX), to audit any changes inside target directories.
My enviroment has many constrains, so I can only use ksh and cannot install
any 3rd party soft or command (include perl or other languages)
The script functions like below
1) take a... (1 Reply)
Discussion started by: stev.h
1 Replies
9. Red Hat
Hi,
I'm fairly new to administering RedHat (or any Linux system for that matter), and was wondering if someone could help me work out how to best manage audit logs.
In a nutshell, this is what I need to do:
- Compress audit.log file(s) once a month and delete the originals
- The... (0 Replies)
Discussion started by: Seonix
0 Replies
10. SuSE
Dear users,
I have SLES 11 and SLES 10 servers.
I'd like to receive an alert when audit log files reach certain percentage of full.
1. Is '/etc/audit/auditd.conf' the right file to modify?
2. I'd like to receive email alert. Can I specify my email in this parameter 'action_mail_acct... (1 Reply)
Discussion started by: JDBA
1 Replies
LEARN ABOUT SUNOS
audit
audit(2) audit(2) NAME
audit - write a record to the audit log SYNOPSIS
cc [ flag ... ] file ... -lbsm -lsocket -lnsl [ library... ] #include <sys/param.h> #include <bsm/libbsm.h> int audit(caddr_t record, int length); The audit() function is used to write a record to the system audit log. The data pointed to by record is written to the log after a mini- mal consistency check, with the length parameter specifying the size of the record in bytes. The data should be a well-formed audit record as described by audit.log(4). The kernel validates the record header token type and length, and sets the time stamp value before writing the record to the audit log. The kernel does not do any preselection for user-level generated events. If the audit policy is set to include sequence or trailer tokens, the kernel will append them to the record. Upon successful completion, 0 is returned. Otherwise, -1 is returned and errno is set to indicate the error. The audit() function will fail if: EFAULT The record argument points outside the process's allocated address space. EINVAL The record header token ID is invalid or the length is either less than the header token size or greater than MAXAUDIT- DATA. EPERM The {PRIV_PROC_AUDIT} privilege is not asserted in the effective set of the calling process. USAGE
Only privileged processes can successfully execute this call. See attributes(5) for descriptions of the following attributes: +-----------------------------+-----------------------------+ | ATTRIBUTE TYPE | ATTRIBUTE VALUE | +-----------------------------+-----------------------------+ |Interface Stability |Stable | +-----------------------------+-----------------------------+ |MT-Level |MT-Safe | +-----------------------------+-----------------------------+ bsmconv(1M), auditd(1M), auditon(2), auditsvc(2), getaudit(2), audit.log(4), attributes(5), privileges(5) The functionality described in this man page is available only if the Basic Security Module (BSM) has been enabled. See bsmconv(1M) for more information. 31 Mar 2005 audit(2)