Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Linux logs
Top Forums UNIX for Advanced & Expert Users Linux logs Post 303013953 by Peasant on Friday 2nd of March 2018 11:32:11 AM
Old 03-02-2018
What you want is not logging but auditing.
System logs such as su log or messages provide rudimentary audit.

The stuff you would like to audit - files, services and applications needs additional configuration.
This is based on kernel module and is available on most distributions.

For instance, ARCH documentation
Audit framework - ArchWiki

A small disclaimer, i have not used those on linux systems in practice.

Regards
Peasant.
 

10 More Discussions You Might Find Interesting

1. UNIX Desktop Questions & Answers

Logs

hi My name is Juan I dont can clear wtmp and similiar files how i do it? thanks (4 Replies)
Discussion started by: jtapia
4 Replies

2. UNIX for Dummies Questions & Answers

logs

can i include this command into my crontab file > /var/adm/wtmp to clear the contents on a regular basis ? what about file permissions ? (6 Replies)
Discussion started by: cubicle^dweller
6 Replies

3. Shell Programming and Scripting

Logs

Hey Guys, i am new into shell programming and i have to do one script which have to record all the commands entered by a specific user. Example of that, i have a system running on unix, several users are using this system, i have to create like a databse which will record every user entered that... (5 Replies)
Discussion started by: charbel
5 Replies

4. UNIX for Advanced & Expert Users

logs

Hy, I have a question I have a directory in a unix server, Some of my files have a diffrent access time, from the time i accessed them last, I think some one has copied it,it's not an important file,but none the less,it is my file,It mistakenly had a 777 permission( yes ,I know it is a noob's... (1 Reply)
Discussion started by: lordmod
1 Replies

5. Linux

FTP Logs in Linux/Unix

Hi, I need to get a hostory of users who FTP into a server. How can I do it in Linux/Unix? Is there a command for this? I do not want to use netstat -a as it gives only the list of users who have a session currently on the server. Can this be done with the "last" command? Please do let me... (0 Replies)
Discussion started by: manisendhil
0 Replies

6. Shell Programming and Scripting

Grep yesterday logs from weblogic logs

Hi, I am trying to write a script which would go search and get the info from the logs based on yesterday timestamp and write yesterday logs in new file. The log file format is as follows: """"""""""""""""""""""""""... (3 Replies)
Discussion started by: harish.parker
3 Replies

7. UNIX Desktop Questions & Answers

regarding logs

Hi , I am running an application on my windows and it logs are generated at /var/logs and for this i have to go this location and then do tail -f , Is there any command you can advise me so that when I execute this command at this location that logs get displayed fully and as the application... (3 Replies)
Discussion started by: KAREENA18
3 Replies

8. Red Hat

collect red hat linux error logs

Hi, I have two questions,first of all is where can I collect more error logs(the log under /var/log/messages), also give the corresponding explain is grateful.The second one is the log under various versions(such as red hat,suse,etc) is the same or not. Thanks for answers. (1 Reply)
Discussion started by: zhaoyy
1 Replies

9. Shell Programming and Scripting

Shell to cleanup Linux logs

Hi,Looking for any generic shell scripts to cleanup systemlogs. Thanks (2 Replies)
Discussion started by: tommy812
2 Replies

10. Shell Programming and Scripting

If I ran perl script again,old logs should move with today date and new logs should generate.

Appreciate help for the below issue. Im using below code.....I dont want to attach the logs when I ran the perl twice...I just want to take backup with today date and generate new logs...What I need to do for the below scirpt.............. 1)if logs exist it should move the logs with extention... (1 Reply)
Discussion started by: Sanjeev G
1 Replies

LEARN ABOUT FREEBSD

audit

AUDIT(4)						   BSD Kernel Interfaces Manual 						  AUDIT(4)

NAME

     audit -- Security Event Audit

SYNOPSIS

     options AUDIT

DESCRIPTION

     Security Event Audit is a facility to provide fine-grained, configurable logging of security-relevant events, and is intended to meet the
     requirements of the Common Criteria (CC) Common Access Protection Profile (CAPP) evaluation.  The FreeBSD audit facility implements the de
     facto industry standard BSM API, file formats, and command line interface, first found in the Solaris operating system.  Information on the
     user space implementation can be found in libbsm(3).

     Audit support is enabled at boot, if present in the kernel, using an rc.conf(5) flag.  The audit daemon, auditd(8), is responsible for con-
     figuring the kernel to perform audit, pushing configuration data from the various audit configuration files into the kernel.

   Audit Special Device
     The kernel audit facility provides a special device, /dev/audit, which is used by auditd(8) to monitor for audit events, such as requests to
     cycle the log, low disk space conditions, and requests to terminate auditing.  This device is not intended for use by applications.

   Audit Pipe Special Devices
     Audit pipe special devices, discussed in auditpipe(4), provide a configurable live tracking mechanism to allow applications to tee the audit
     trail, as well as to configure custom preselection parameters to track users and events in a fine-grained manner.

SEE ALSO

     auditreduce(1), praudit(1), audit(2), auditctl(2), auditon(2), getaudit(2), getauid(2), poll(2), select(2), setaudit(2), setauid(2),
     libbsm(3), auditpipe(4), audit.log(5), audit_class(5), audit_control(5), audit_event(5), audit_user(5), audit_warn(5), rc.conf(5), audit(8),
     auditd(8), auditdistd(8)

HISTORY

     The OpenBSM implementation was created by McAfee Research, the security division of McAfee Inc., under contract to Apple Computer Inc. in
     2004.  It was subsequently adopted by the TrustedBSD Project as the foundation for the OpenBSM distribution.

     Support for kernel audit first appeared in FreeBSD 6.2.

AUTHORS

     This software was created by McAfee Research, the security research division of McAfee, Inc., under contract to Apple Computer Inc.  Addi-
     tional authors include Wayne Salamon, Robert Watson, and SPARTA Inc.

     The Basic Security Module (BSM) interface to audit records and audit event stream format were defined by Sun Microsystems.

     This manual page was written by Robert Watson <rwatson@FreeBSD.org>.

BUGS

     The FreeBSD kernel does not fully validate that audit records submitted by user applications are syntactically valid BSM; as submission of
     records is limited to privileged processes, this is not a critical bug.

     Instrumentation of auditable events in the kernel is not complete, as some system calls do not generate audit records, or generate audit
     records with incomplete argument information.

     Mandatory Access Control (MAC) labels, as provided by the mac(4) facility, are not audited as part of records involving MAC decisions.

BSD
								   May 31, 2009 							       BSD
All times are GMT -4. The time now is 10:53 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy