AIX

I have an investigation job at hand where I have to know when was the FIRST time the daemon was invoked.
Now, currently what I can see as the time since invoked was some where near the last reboot which is kind of obvious that the daemon stopped and recycled after reboot.

But I want to know the first time it was created. It can be yesterday, a month a year a couple of years...any day in the history.

ANy guidance appreciated.

I think you should have a look at auditing subsystem in AIX: IBM AIX System Security Audit - United States

Thanks but this deals with audits on the server, which something the Administrator shall be aware of.

What I need to know is regarding a particular process.

Any ideas?

Those audit events deal with all the processes on the server (so your particular process as well):

Code:

PROC_Create (process creation)
PROC_Execute (command execution)
PROC_Delete (process completion)

nice!!
Thanks...I'll dig into it

Sounds like you want to do something the administrator can't change. This is usually the case in security-aware environments. I got a company (card-processing business) through a PCI certification and they had similar issues.

We did the following there: installed Samhain (a host-based intrusion detection system) and syslog-ng. The syslog-ng allows for multiple output destinations and we used one "secure server" which was not under the administration of the usual admins as destination.

We intended to install Snoopylogger too, but alas never got it to run on AIX, so we only installed it on the Linux systems.

I hope this helps.

bakunin

The problem is the kind of job i have we have administrative priveleges, but the protocols don't allow us to experiments too much with the data stored in the server.

So we can't install any third party softwares on those servers.
I was looking for some internal command on the Unix server through which I can know, the first time a daemon was created.
I wish I could do what you have suggested me to do. Appreciate your help!