Login or Register to Ask a Question and Join Our Community


HP-UX

HP-UX real time audit log writing

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Operating Systems HP-UX HP-UX real time audit log writing
# 1  
Old 09-20-2012
HP-UX real time audit log writing
Hey all, I have a problem I was hoping to get some help on. So I have my two auditfiles, audfile1 and audfile2 that can be written to, I want to have the text version of them write to an NFS mount that I have set up. So i already know that i can do .secure/etc/audsp audfile1 > //nfsmount/folder/ But does the audsp command clear the contents of anything that is translates??

I have a script that runs on the NFS mount that appends the audsp output after its done with it with a . processed marker. I was also able to find this script online but. I am sort of comfortable with the logic, but not so sure on its syntactically right. Anyway if anyone can help I would greatly appreciate any help that you might give

Found Script:
Code:
CURRENT=$(/usr/bin/audsys | grep "current file" | head -n 1 | cut -c 15-) 
NUM=$(print $CURRENT | cut -c 24) 
if [ $NUM = 1 ] 
then 
   NEXTFILE=$(print $CURRENT | cut -c -23)"2" 
   /usr/bin/audsys -c $NEXTFILE -s 100000 
   rm /.secure/etc/files2/*.processed 
   /usr/bin/audisp /.secure/etc/files/file1 > /.secure/etc/files2/audit_out ; 
   rm $CURRENT 
else 
   NEXTFILE=$(print $CURRENT | cut -c -23)"1" 
   /usr/bin/audsys -c $NEXTFILE -s 100000 
   rm /.secure/etc/files2/*.processed 
   /usr/bin/audisp /.secure/etc/files/file2 > /.secure/etc/files2/audit_out ; 
   rm $CURRENT
fi


Moderator's Comments:
Mod Comment Please view this code tag video for how to use code tags when posting code and data.


---------- Post updated at 06:29 PM ---------- Previous update was at 06:29 PM ----------

Forgot to add in, if you have any questions feel free to ask me! I want to help you help me! SmilieSmilie
Last edited by vbe; 09-21-2012 at 05:07 AM.. Reason: restructured the script (if...) added missing fi
# 2  
Old 09-21-2012
You had some errors, but not sure it were from copying and loosing end of line etc.. stuff and no fi...
Can you check now if this is more like it?
for instance
Code:
NEXTFILE=$(print $CURRENT | cut -c -23)"2" /usr/bin/audsys -c $NEXTFILE -s 100000

makes no sense or something is missing , I understand as 2 separate commands (and so syntax id doubtful...)
# 3  
Old 09-21-2012
it may have been part of me trying to clean it up that cut off some of the parts. Here is the original post that I pulled that code from that I tried to clean up. I went ahead and put code tags around the section of code. I am starting to understand it a little logically, but most my experience comes from java/rhel background so it being all together throws me off.


--orginal post--

"I had problems with HP-UX connectors not retrieving online logs. we came up with this script to be able to retrieve online logs, there are 2 files switching over file1 and file2 and the directory /.secure/etc/files2 is where audisp command output is written "

Code:
CURRENT=$(/usr/bin/audsys | grep "current file" | head -n 1 | cut -c 15-) NUM=$(print $CURRENT | cut -c 24) if [ $NUM = 1 ] then NEXTFILE=$(print $CURRENT | cut -c -23)"2" /usr/bin/audsys -c $NEXTFILE -s 100000 rm /.secure/etc/files2/*.processed /usr/bin/audisp /.secure/etc/files/file1 > /.secure/etc/files2/audit_out ; rm $CURRENT else NEXTFILE=$(print $CURRENT | cut -c -23)"1" /usr/bin/audsys -c $NEXTFILE -s 100000 rm /.secure/etc/files2/*.processed /usr/bin/audisp /.secure/etc/files/file2 > /.secure/etc/files2/audit_out ; rm $CURRENT fi


again thank you for any help that you might have!
# 4  
Old 09-21-2012
So I think what I did in your first post seems to be correct...
Now I dont have an system is audsys turned on only traces on a old 10.20...
I suggest you look line by line what I did above:
If I try the
Code:
print $CURRENT | cut -c 23

on my system it returns nothing:
Code:
aph:/.secure/etc $ print $CURRENT | cut -c -23
/.secure/etc/audfile1
aph:/.secure/etc $ print $CURRENT | cut -c 23 

aph:/.secure/etc $ print $CURRENT | cut -c 21
1

So what does :
Code:
CURRENT=$(/usr/bin/audsys | grep "current file" | head -n 1 | cut -c 15-) ;echo $CURRENT

produce on your server?
# 5  
Old 09-21-2012
Code:
CURRENT=$(/usr/bin/audsys | grep "current file" | head -n 1 | cut -c 15-) ;echo $CURRENT
/.secure/etc/audfile1

that file path is the correct file where one of the audit logs is written to. The other is in the same directory but is just audfile2
# 6  
Old 09-21-2012
So the cut isnt correct I suppose... you need:
Code:
print $CURRENT | cut -c 21

Login or Register to Ask a Question

Previous Thread | Next Thread

8 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Log all the commands input by user at real time in /var/log/messages

Below is my script to log all the command input by any user to /var/log/messages. But I cant achieve the desired output that i want. PLease see below. function log2syslog { declare COMMAND COMMAND=$(fc -ln -0) logger -p local1.notice -t bash -i -- "$USER:$COMMAND" } trap... (12 Replies)
Discussion started by: invinzin21
12 Replies

2. UNIX for Advanced & Expert Users

How to read a fast written log file at Real time speed?

Hello All, I am building a real time parser for a log file in my application. The log file is continuously written at a very fast pace and gets rolled over every 10 minutes. I have measured the speed and observed that around 1000 lines are written to it every second, each line about 30-40... (7 Replies)
Discussion started by: cool.aquarian
7 Replies

3. Shell Programming and Scripting

Archiving or removing few data from log file in real time

Hi, I have a log file that gets updated every second. Currently the size has grown to 20+ GB. I need to have a command/script, that will try to get the actual size of the file and will remove 50% of the data that are in the log file. I don't mind removing the data as the size has grown to huge... (8 Replies)
Discussion started by: Souvik Patra
8 Replies

4. Shell Programming and Scripting

[solved] How to see log in real time?

Hi people I have a bash script with a line like this: python example.py >> log & But i can't see anything in the log file while python program is running only if the program ends seems to write the log file. "$ cat log" for example don't show anything until the program ends. Is there... (4 Replies)
Discussion started by: Tieso
4 Replies

5. Shell Programming and Scripting

shell script to replicate the log files from one location to another in real time

Hi, On the server, we have app log files in this location /app/logs/error.log On the same server, in a real time, we would like to replicate that into /var/ directory. if someone has already done this, please share the script. Thanks in advance. (4 Replies)
Discussion started by: lookinginfo
4 Replies

6. Shell Programming and Scripting

Perl or Shell script to read a transaction log in real time

Hello, I have a Apache webserver running on RedHat. Its primary function is a proxy server for users accessing the internet. I have a transaction log that logs every transactions of every users. For users trying to access certain sites/content the transactions goes into a 302 redirect loop and... (2 Replies)
Discussion started by: bruno406
2 Replies

7. Shell Programming and Scripting

Real time log file redirect

Hi all, i would like to write the shell script program, it can monitor the access_log "real time" when the access_log writing the line contain "abcdef" the program will be "COPY" this line into a file named "abcdef.txt", do the same thing if the contain "123456" "COPY" it into a file named... (3 Replies)
Discussion started by: eric_wong_ch
3 Replies

8. UNIX for Dummies Questions & Answers

log users real time

hi.... how i can configurator a log file on real time....on unix solaris.... thanks a lot.... Best Regards... (3 Replies)
Discussion started by: chanfle
3 Replies
Login or Register to Ask a Question