Aix auditing : performance impact


 
Thread Tools Search this Thread
Operating Systems AIX Aix auditing : performance impact
# 1  
Old 02-18-2008
Aix auditing : performance impact

can someone help me find out the impact of enabling audting on the entire root filesystem. does it have a major hit on the overall performance of the system

Thanks so much
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. AIX

Configure AIX server to send logs and auditing to Qradar

Hi All I need your help to configure Aix to send logs to Qradar, I did all the methods that mentioned in IBM website and no use, Plz Help,, The Logs should I receive from Aix and display in Qradar is (create user delete user changing in privileges....etc ) my skype account khaled_ly84 ... (4 Replies)
Discussion started by: khaled_ly84
4 Replies

2. AIX

User auditing from AIX server

I am trying to find out the information of my local desktop when i use putty to login to an AIX server. This is what I do: 1. login to my PC 2. take a putty session to an AIX server Can i get information of my local desktop from the AIX server ? Is there a command available ? Thanks (8 Replies)
Discussion started by: Nagesh_1985
8 Replies

3. AIX

AIX auditing

In our customer place somebody removed and PV from the server. I want the information like which user removed this PV. Is there any way to get PV removal information. When did the PV removed from the server ? Whether AIX auding will help ? Where i can get these information ? Thank... (2 Replies)
Discussion started by: sunnybee
2 Replies

4. Shell Programming and Scripting

Long PATH, LD_LIBRARY_PATH, LIBPATH, … – what kind of performance impact do they have?

Hi, there! a long PATH... makes the OS access the disk quite often, hence there is a lot of disk I/O a long PATH... makes the OS compute a lot of ..., hence a high CPU load (Edited/added later: Yes, this is not about the lenght of the env. var., but about the number of directories listed.)... (1 Reply)
Discussion started by: Jochen_Hayek
1 Replies

5. UNIX for Advanced & Expert Users

Performance impact of terminal output

Hello, I am doing fluid simulations using OpenFOAM. This program produces a lot of output every time step. Producing output is surely not the most time consuming part, but I wonder whether writing output to the terminal or writing it into a file is faster. With thousands of time steps a... (1 Reply)
Discussion started by: Chuck Morris
1 Replies

6. AIX

AIX auditing

can some give some tips, most common security issues or and kind of advice about auditing aix system? regards (2 Replies)
Discussion started by: bongo
2 Replies

7. AIX

Help me! AUDITING AIX

Hi All, i've a problem on a AIX server with audit config... when i start the audit i receive this error: root@****:/etc/security/audit > /usr/sbin/audit start Audit start cleanup: The system call does not exist on this system. ** failed setting kernel audit objects I don't understand... (0 Replies)
Discussion started by: Zio Bill
0 Replies

8. AIX

AIX Auditing problam

i have sucessfully enable the auditing on AIX with adding som onjects. but when i go for auditpr -v < /audit/trail vlets say i reset audit at last dat 5 pm auditpr -v < /audit/trail will show up to last day 5 pm. i have to reset audit every time to check latest logs. please... (3 Replies)
Discussion started by: prashantjain07
3 Replies

9. AIX

AIX auditing

I have a question relating with AIX auditing Question is can we set Auditing on a particular file in AIX for a particular application only? Let say I have a file name "info.jar" and I have three application named APP1, APP2 & APP3 which are accessing that file so I want to know that which... (0 Replies)
Discussion started by: m_raheelahmed
0 Replies

10. AIX

turning auditing on AIX 4.3

Hi, What's the best way to turn on the auditing in AIX 4.3? I'm in an environment where root password are shared with many users. Can sudoers member be audited properly? Thanks (1 Reply)
Discussion started by: itik
1 Replies
Login or Register to Ask a Question
audit.conf(4)						     Kernel Interfaces Manual						     audit.conf(4)

NAME
audit.conf, audit_site.conf - files containing event mapping information and site-specific event mapping information DESCRIPTION
Files and store the event mapping information that can be used by and An event is a particular system operation. It may be either a self-auditing event or a system call. Auditable events are classified into several event categories and/or profiles. Events and system calls may have aliases. When the auditing system is installed, a default set of event mapping information is provided in In order to meet site-specific require- ments, users may also define event categories and profiles in In general, an event category is defined as a set of operations that affect a particular aspect of the system. A profile is defined as a set of operations that affect a particular type of system. With these classifications, a set of events can be selected when using or by specifying the event category or the profile that the events are associated with. Here is the syntax of the directives in and Event categories are defined using the directive for base events and the directive for event aliases. Base events are events that are pre-defined by the HP-UX operating system. They are always associated with self-auditing events that have the same name and/or with a list of system calls with the names that are referred to by the HP-UX auditing system. Event aliases, distinct from base events, are combinations of base events, self-auditing events, system calls, and system call aliases. The system call name referred to by the auditing system usually matches the real system call name with a few exceptions. If the system call is one of these exceptions, an alias name may be defined using the directive, and the alias name can be used by and system call level selection. For example, the system call is referred to as the system call by the auditing system. The interface of is not publicly exported, but the security relevant information of this system call is described in this file documents the security relevant information for all system calls that have names beginning with a period Profiles are defined using the directive. Profiles can be combinations of any events. In only and directives are allowed; names picked for or must begin with a uppercase character and must have at least one lowercase charac- ter. Adding or at the end of an event name indicates only include successful or failed operations. EXAMPLES
Here are some example entries that could be in Selecting for auditing enables audit for the system calls (for both pass and fail), (for pass only), and (for fail only). Note that con- tains and the fail events covered under Selecting this profile causes to be audited for both pass and fail, and to be audited for fail, and to not be audited at all. AUTHOR
was developed by HP. FILES
File containing event mapping information File containing audit information description for HP-UX internal system calls which are not publicly supported File containing site-specific event mapping information SEE ALSO
audevent(1M), audisp(1M). audit.conf(4)