Hi guys,
I am currently runnig hp-ux v11.3. I have enabled auditing and I am able to send the audit events to a text file in syslog format using the following command:
audisp -r /var/.audit/audtrail/auditfile -P -o follow -O sync | audit_p2l > /var/adm/auditlog
I am required to send the... (0 Replies)
Hi everyone,
how i can configure a single audit service in the global zone for all zones, on solaris BSM.
I will be glad to hear back from you.
Thanks and Regards (3 Replies)
Dear All
When I start the AIX(6100-06)audit subsystem.
the log will save in /audit/stream.out (or /audit/trail), but in default when /audit/stream.out to grow up to 150MB.
It will replace the original /audit/stream.out (or /audit/trail).
Then the /audit/stream.out become empty and... (2 Replies)
Hi there,
I want to enable auditing for the following events in a critical AIX UNIX server by editing the /etc/syslog.conf file:
Authentication events (login success, login failure, logout)
Privilege use events (change to another user etc.) ... (1 Reply)
AUGENRULES:(8) System Administration Utilities AUGENRULES:(8)NAME
augenrules - a script that merges component audit rule files
SYNOPSIS
augenrules [--check] [--load]
DESCRIPTION
augenrules is a script that merges all component audit rules files, found in the audit rules directory, /etc/audit/rules.d, placing the
merged file in /etc/audit/audit.rules. Component audit rule files, must end in .rules in order to be processed. All other files in
/etc/audit/rules.d are ignored.
The files are concatenated in order, based on their natural sort (see -v option of ls(1)) and stripped of empty and comment (#) lines.
The last processed -D directive without an option, if present, is always emitted as the first line in the resultant file. Those with an
option are replicated in place. The last processed -b directive, if present, is always emitted as the second line in the resultant file.
The last processed -f directive, if present, is always emitted as the third line in the resultant file. The last processed -e directive,
if present, is always emitted as the last line in the resultant file.
The generated file is only copied to /etc/audit/rules.d, if it differs.
OPTIONS --check
test if rules have changed and need updating without overwriting audit.rules.
--load load old or newly built rules into the kernel.
FILES
/etc/audit/rules.d/ /etc/audit/audit.rules
SEE ALSO audit.rules(8), auditctl(8), auditd(8).
Red Hat Apr 2013 AUGENRULES:(8)