Login or Register to Ask a Question and Join Our Community


AIX

audit with streammode and userlogin events

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Operating Systems AIX audit with streammode and userlogin events
# 1  
Old 12-06-2007
audit with streammode and userlogin events
Hi,

The audit default config has no "authentication" so I added it:

General=USER_Login,USER_Logout,USER_SU,.............


I reset the audit with "audit shutdown". There's no event recorded with it only all other events are recorder.

I check the events for USER_Login/USER_Logout:
.
.
.
TCP_kreceive = printf "fd%d %s"

* commands

* tsm
USER_Login = printf "user: %s tty: %s"
PORT_Locked = printf "Port %s locked due to invalid login attempts"
TERM_Logout = printf "%s"
.
.
.
* logout
USER_Logout = printf "%s"
.
.
.


What do I need to reconfigure so that I could audit logon/logoff on my AIX.

Thanks
Login or Register to Ask a Question

Previous Thread | Next Thread

4 More Discussions You Might Find Interesting

1. HP-UX

Send Audit Events to Syslog

Hi guys, I am currently runnig hp-ux v11.3. I have enabled auditing and I am able to send the audit events to a text file in syslog format using the following command: audisp -r /var/.audit/audtrail/auditfile -P -o follow -O sync | audit_p2l > /var/adm/auditlog I am required to send the... (0 Replies)
Discussion started by: peter maisiba
0 Replies

2. Solaris

how to configure a audit in global zone that will audit all the zone

Hi everyone, how i can configure a single audit service in the global zone for all zones, on solaris BSM. I will be glad to hear back from you. Thanks and Regards (3 Replies)
Discussion started by: ladondo
3 Replies

3. AIX

When AIX audit start, How to set the /audit/stream.out file size ?

Dear All When I start the AIX(6100-06)audit subsystem. the log will save in /audit/stream.out (or /audit/trail), but in default when /audit/stream.out to grow up to 150MB. It will replace the original /audit/stream.out (or /audit/trail). Then the /audit/stream.out become empty and... (2 Replies)
Discussion started by: nnnnnnine
2 Replies

4. AIX

Auditing events

Hi there, I want to enable auditing for the following events in a critical AIX UNIX server by editing the /etc/syslog.conf file: Authentication events (login success, login failure, logout) Privilege use events (change to another user etc.) ... (1 Reply)
Discussion started by: venksel
1 Replies
Login or Register to Ask a Question

LEARN ABOUT X11R4

audit_data

audit_data(4)							   File Formats 						     audit_data(4)

NAME

       audit_data - current information on audit daemon

SYNOPSIS

       /etc/security/audit_data

DESCRIPTION

       The  audit_data file contains information about the audit daemon. The file contains the process ID of the audit daemon, and the pathname of
       the current audit log file. The format of the file is:

	      pid>:<pathname>

       Where pid is the process ID for the audit daemon, and pathname is the full pathname for the current audit log file.

EXAMPLES

       Example 1: A sample audit_data file.

       64:/etc/security/audit/server1/19930506081249.19930506230945.bongos

FILES

       /etc/security/audit_data

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Interface Stability	     |Obsolete			   |
       +-----------------------------+-----------------------------+

SEE ALSO

       audit(1M), auditd(1M), bsmconv(1M), audit(2), audit_control(4), audit.log(4)

NOTES

       The functionality described on this manual page is internal to audit(1M) and might not be supported in a future release.

       The auditd utility is the only supported mechanism to communicate with auditd(1M). The current audit log can be determined by examining the
       configured audit directories. See audit_control(4).

       The  functionality described on this manual page is available only if the Basic Security Module (BSM) has been enabled. See bsmconv(1M) for
       more information.

SunOS 5.10							    14 Nov 2002 						     audit_data(4)