01-17-2017
How about using builtin audit software from your operating system.
Audit configuration can look scary at first, but it's mostly a one time setup per requirement.
Writing custom scripts will only make things difficult in the future.
Not to mention bypassing such scripts could be trivial, beating the audit purpose completely.
Hope that helps
Regards
Peasant.
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
hi....
how i can configurator a log file on real time....on unix solaris....
thanks a lot....
Best Regards... (3 Replies)
Discussion started by: chanfle
3 Replies
2. Shell Programming and Scripting
Hi all,
i would like to write the shell script program, it can monitor the access_log "real time"
when the access_log writing the line contain "abcdef" the program will be "COPY" this line into a file named "abcdef.txt", do the same thing if the contain "123456" "COPY" it into a file named... (3 Replies)
Discussion started by: eric_wong_ch
3 Replies
3. UNIX for Dummies Questions & Answers
I'm using RHEL and my var/log/messages file is filled with "FTP session opened/closed" lines that happen all day:
Aug 2 04:04:38 web proftpd: 74.125.56.10 (142.231.76.249) - FTP session closed.
Aug 2 04:05:11 web proftpd: 74.125.56.10 (142.231.88.123) - FTP session opened.Is this normal? We... (2 Replies)
Discussion started by: gaspol
2 Replies
4. Solaris
hi sirs
can u tell the difference between /var/log/syslogs and /var/adm/messages
in my working place i am having two servers.
in one servers messages file is empty and syslog file is going on increasing..
and in another servers message file is going on increasing but syslog file is... (2 Replies)
Discussion started by: tv.praveenkumar
2 Replies
5. Solaris
Hi,
Is the contents in /var/log/syslog and /var/adm/messages are same??
Regards (3 Replies)
Discussion started by: vks47
3 Replies
6. Shell Programming and Scripting
How can view log messages between two time frame from /var/log/message or any type of log files.
when logfiles are very big and especially many messages with in few minutes, I would like to display log messages between 5 minute interval.
Could you pls give me the command? (1 Reply)
Discussion started by: johnveslin
1 Replies
7. UNIX for Dummies Questions & Answers
So I want the DBA to access /var/log/messages and so I logged in as root and then edited the sudoers file as follows
"oracle ALL= (root) /bin/view, /var/log/messages"
However when I login as oracle and try
"sudo more /var/log/messages" I get
Sorry, user oracle is not allowed to... (1 Reply)
Discussion started by: gubbu
1 Replies
8. Shell Programming and Scripting
Hi people
I have a bash script with a line like this:
python example.py >> log &
But i can't see anything in the log file while python program is running only if the program ends seems to write the log file.
"$ cat log" for example don't show anything until the program ends.
Is there... (4 Replies)
Discussion started by: Tieso
4 Replies
9. SuSE
Hi
New to Suse - mainly used Solaris.
In solaris dmesg will also show you contents of messages log file but in Suse Liux it doesnt appear to.
I dont have root access to this Suse server, and wondering is there any other tool / utility that allows me to see the messages file contents like on... (1 Reply)
Discussion started by: frustrated1
1 Replies
10. Shell Programming and Scripting
I have been searching and reading about syslog. I would like to know how to Transfer the logs being thrown into /var/log/messages into another file example /var/log/volumelog.
tail -f /var/log/messages
dblogger: msg_to_dbrow: no logtype using missing
dblogger: msg_to_dbrow_str: val ==... (2 Replies)
Discussion started by: kenshinhimura
2 Replies
audusr(1M) audusr(1M)
NAME
audusr - select users to audit
SYNOPSIS
user] ...] user] ...]
DESCRIPTION
is used to specify users to be audited or excluded from auditing. The command only works for systems that have been converted to trusted
mode.
To select users to audit on systems that have not been converted to trusted mode, use the command. See also audit(5), userdbset(1M),
userdb(4), and in security(4).
If no arguments are specified, displays the audit setting of every user. is restricted to privileged users.
Options
recognizes the following options:
Audit the specified
user. The auditing system records audit records to the ``current'' audit file when the specified user executes audited
events or system calls. Use to specify events to be audited (see audevent(1M)).
Do not audit the specified
user.
Audit all users.
Do not audit any users.
The and options are mutually exclusive: that is, if is specified, cannot be specified; if is specified, cannot be specified.
Users specified with are audited (or excluded from auditing) beginning with their next login session, until excluded from auditing (or
specified for auditing) with a subsequent invocation. Users already logged into the system when is invoked are unaffected during that
login session; however, any user who logs in after is invoked is audited or excluded from auditing accordingly.
WARNINGS
HP-UX 11i Version 3 is the last release to support trusted systems functionality.
AUTHOR
was developed by HP.
FILES
File containing flags to indicate whether users are audited.
SEE ALSO
audevent(1M), userdbset(1M), setaudproc(2), audswitch(2), audwrite(2), security(4), userdb(4), audit(5).
TO BE OBSOLETED audusr(1M)