Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Linux logs
Top Forums UNIX for Advanced & Expert Users Linux logs Post 303013953 by Peasant on Friday 2nd of March 2018 11:32:11 AM
Old 03-02-2018
What you want is not logging but auditing.
System logs such as su log or messages provide rudimentary audit.

The stuff you would like to audit - files, services and applications needs additional configuration.
This is based on kernel module and is available on most distributions.

For instance, ARCH documentation
Audit framework - ArchWiki

A small disclaimer, i have not used those on linux systems in practice.

Regards
Peasant.
 

10 More Discussions You Might Find Interesting

1. UNIX Desktop Questions & Answers

Logs

hi My name is Juan I dont can clear wtmp and similiar files how i do it? thanks (4 Replies)
Discussion started by: jtapia
4 Replies

2. UNIX for Dummies Questions & Answers

logs

can i include this command into my crontab file > /var/adm/wtmp to clear the contents on a regular basis ? what about file permissions ? (6 Replies)
Discussion started by: cubicle^dweller
6 Replies

3. Shell Programming and Scripting

Logs

Hey Guys, i am new into shell programming and i have to do one script which have to record all the commands entered by a specific user. Example of that, i have a system running on unix, several users are using this system, i have to create like a databse which will record every user entered that... (5 Replies)
Discussion started by: charbel
5 Replies

4. UNIX for Advanced & Expert Users

logs

Hy, I have a question I have a directory in a unix server, Some of my files have a diffrent access time, from the time i accessed them last, I think some one has copied it,it's not an important file,but none the less,it is my file,It mistakenly had a 777 permission( yes ,I know it is a noob's... (1 Reply)
Discussion started by: lordmod
1 Replies

5. Linux

FTP Logs in Linux/Unix

Hi, I need to get a hostory of users who FTP into a server. How can I do it in Linux/Unix? Is there a command for this? I do not want to use netstat -a as it gives only the list of users who have a session currently on the server. Can this be done with the "last" command? Please do let me... (0 Replies)
Discussion started by: manisendhil
0 Replies

6. Shell Programming and Scripting

Grep yesterday logs from weblogic logs

Hi, I am trying to write a script which would go search and get the info from the logs based on yesterday timestamp and write yesterday logs in new file. The log file format is as follows: """"""""""""""""""""""""""... (3 Replies)
Discussion started by: harish.parker
3 Replies

7. UNIX Desktop Questions & Answers

regarding logs

Hi , I am running an application on my windows and it logs are generated at /var/logs and for this i have to go this location and then do tail -f , Is there any command you can advise me so that when I execute this command at this location that logs get displayed fully and as the application... (3 Replies)
Discussion started by: KAREENA18
3 Replies

8. Red Hat

collect red hat linux error logs

Hi, I have two questions,first of all is where can I collect more error logs(the log under /var/log/messages), also give the corresponding explain is grateful.The second one is the log under various versions(such as red hat,suse,etc) is the same or not. Thanks for answers. (1 Reply)
Discussion started by: zhaoyy
1 Replies

9. Shell Programming and Scripting

Shell to cleanup Linux logs

Hi,Looking for any generic shell scripts to cleanup systemlogs. Thanks (2 Replies)
Discussion started by: tommy812
2 Replies

10. Shell Programming and Scripting

If I ran perl script again,old logs should move with today date and new logs should generate.

Appreciate help for the below issue. Im using below code.....I dont want to attach the logs when I ran the perl twice...I just want to take backup with today date and generate new logs...What I need to do for the below scirpt.............. 1)if logs exist it should move the logs with extention... (1 Reply)
Discussion started by: Sanjeev G
1 Replies

LEARN ABOUT HPUX

auditd

auditd(1m)																auditd(1m)

NAME

       auditd - Starts the DCE Audit Daemon.

SYNOPSIS

       auditd [-t trail_file] [-a] [-s size] [-wrap] [-w svc_route] [-d debug_level]

OPTIONS

       Specifies  the  pathname  of  the  audit  trail	file  used  by	the  Audit  daemon.   The  default  path of the audit trail file is dcelo-
       cal/var/aud/adm/central_trail.  If an audit trail file name (instead of an absolute pathname) is specified, the file will be created in the
       dcelocal/var/aud/adm/  directory.   Audits  the Audit daemon's control interface access.  Sets a warning threshold on the size of the audit
       trail file.  The Audit daemon displays a warning message each time an audit record is appended to the audit trail after the  threshold  has
       been  reached.	Wraps  the recording of audit events to the beginning of the audit trail file when its size limit is reached.  The default
       action when the size limit has been reached is to stop auditing.  Specifies where each level of serviceability messages	are  routed.   The
       svc_route argument is divided into three fields, separated by colons - the level, a routing identifier, and a routing parameter:

       severity:how:where

       See  svcroute(5) for possible values for these fields.  Specifies debugging level of sub-components. The debug_level argument contains four
       fields separated by a colon:

       component:flags:how:where

       See svcroute(5) for possible values of these fields.

DESCRIPTION

       The auditd command starts the Audit daemon.  The Audit daemon must be run on the host before the audit clients.

       The Audit daemon can only service audit clients that are on the host where it is running.  Thus, an Audit daemon must be installed and  run
       on every host in the cell that has audit clients (audit clients include DCE servers and user-written application servers).

       The Audit daemon has two functions.  It maintains the filter files which are shared by all audit clients running on the host.  It also pro-
       vides an audit record logging service to these clients.

       The Audit daemon runs under the local host's machine principal identity (host/hostname/self).

       A DCE Host daemon (dced) must be running on the local host when auditd is started.  Typically, dced and auditd are started  at  boot  time.
       The  auditd  process places itself in the background and sends messages indicating it is ready to service requests for updating or querying
       filters and logging audit records.

   Privileges Required
       You must be logged into a privileged account (cell_admin or a member of the audit-admin group) to be able to run auditd.

EXAMPLES

       The following example starts the Audit daemon using the default audit trail file (dcelocal/var/aud/adm/central_trail): $ auditd

       The following example starts the Audit daemon and specifies my_trail_file as the audit trail file.  $auditd -t my_trail_file

       The following example starts the Audit daemon and specifies where each level of serviceability messages is going to be routed.  $ auditd -w
       FATAL:FILE:/dev/console -w NOTICE:FILE:/opt/dcelocal/var/audit/adm/svc_log

       The following example starts the Audit daemon and  specifies the debugging level.  $ auditd -d 1,esl.9

RELATED INFORMATION

       aud(1m), audevents(1m), audfilter(1m), audtrail(1m), dcecp(1m).

																	auditd(1m)
All times are GMT -4. The time now is 05:08 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy