Audit.log Management


 
Thread Tools Search this Thread
Operating Systems Linux Red Hat Audit.log Management
# 1  
Old 07-31-2012
Java Audit.log Management

Hi,

I'm fairly new to administering RedHat (or any Linux system for that matter), and was wondering if someone could help me work out how to best manage audit logs.

In a nutshell, this is what I need to do:

- Compress audit.log file(s) once a month and delete the originals
- The compressed file should include the server name and date
- I need to get the compressed files from the RHEL server to a Windows UNC share

Any assistance would be greatly appreciated.

Seonix
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Parse audit log

I am trying to parse the audit log to find a particular date that associated with a user record. The Date and the context of the record that I need to extract from the audit.log are 11-07-2015, the username and the activity he or she performed that day. Here is my code: grep -c date -d... (3 Replies)
Discussion started by: dellanicholson
3 Replies

2. SuSE

Alert for Audit log

Dear users, I have SLES 11 and SLES 10 servers. I'd like to receive an alert when audit log files reach certain percentage of full. 1. Is '/etc/audit/auditd.conf' the right file to modify? 2. I'd like to receive email alert. Can I specify my email in this parameter 'action_mail_acct... (1 Reply)
Discussion started by: JDBA
1 Replies

3. Shell Programming and Scripting

Help to create audit log while firing 'rm' command

Hi, I would like to get the audit log with username, directory and the date whenever user fires 'rm' command anywhere in the file locations. Is there any possibility to capture the 'rm' command and its parameters from any environment by the single function ? Please advise me. ... (4 Replies)
Discussion started by: Joviac
4 Replies

4. AIX

When AIX audit start, How to set the /audit/stream.out file size ?

Dear All When I start the AIX(6100-06)audit subsystem. the log will save in /audit/stream.out (or /audit/trail), but in default when /audit/stream.out to grow up to 150MB. It will replace the original /audit/stream.out (or /audit/trail). Then the /audit/stream.out become empty and... (2 Replies)
Discussion started by: nnnnnnine
2 Replies

5. Solaris

how to find whether audit log is secure?

How do i find if audit logs is secured inside Solaris 10? · Verify that that audit log files are secured and owned appropriately. this is the question (1 Reply)
Discussion started by: werbotim
1 Replies

6. Solaris

audit log timestamps in GMT

I am aware that the timestamps of the audit log files are in the following format : file, 2011-09-13 07:40:24 .000 -4 Is there anyway that I can display the timestamps in local time format. Thanks for the help. ---------- Post updated at 02:18 PM ---------- Previous update was at 01:06... (0 Replies)
Discussion started by: chinchao
0 Replies

7. Cybersecurity

audit user in BSM/C2 Log

Hi, I keep encountering events in the BSM/C2 logs which shows that the audit-user who performed the event is the user (e.g. ongkk in the example below). However, the user is able to show me that he wasn't logged in at that time nor have the rights to perform the event (e.g. su in this example).... (5 Replies)
Discussion started by: BERNIELEE68
5 Replies

8. Solaris

delete audit old log

hi all, i enabled audit in my server it is working fine, now i want to delete old logs from audit file ,plz find a solution for it, Regards spandan (2 Replies)
Discussion started by: spandhan
2 Replies

9. AIX

audit.log file rotation

Hi guys, I've googled this quite a bit, and tried searching on these forums, but haven't found a solution to my problem. I wanted to inquire about AIX's audit subsystem - more specifically, how to rotate its log file. So far I've been able to find how to rotate AIX syslog log files, and I... (2 Replies)
Discussion started by: w1r3d
2 Replies

10. Solaris

Solaris BSM audit log

I got a lot of this message in my /var/audit log how can I exclude this message? header,127,2,invalid event number,fe,hostsol1.com.sg,2007-12-21 00:10:01.001 +08:00,argument,1,0x5,processor ID,argument ,2,0x3,flag,text,P_STATUS,subject,zhang1,root,root,root,root,18228,576129155,291 131094... (1 Reply)
Discussion started by: geoffry
1 Replies
Login or Register to Ask a Question
AUDIT(8)						    BSD System Manager's Manual 						  AUDIT(8)

NAME
audit -- audit management utility SYNOPSIS
audit -e | -i | -n | -s | -t DESCRIPTION
The audit utility controls the state of the audit system. One of the following flags is required as an argument to audit: -e Forces the audit system to immediately remove audit log files that meet the expiration criteria specified in the audit control file without doing a log rotation. -i Initializes and starts auditing. This option is currently for Mac OS X only and requires auditd(8) to be configured to run under launchd(8). -n Forces the audit system to close the existing audit log file and rotate to a new log file in a location specified in the audit con- trol file. Also, audit log files that meet the expiration criteria specified in the audit control file will be removed. -s Specifies that the audit system should [re]synchronize its configuration from the audit control file. A new log file will be cre- ated. -t Specifies that the audit system should terminate. Log files are closed and renamed to indicate the time of the shutdown. NOTES
The auditd(8) daemon must already be running. Optionally, it can be configured to be started on-demand by launchd(8) (Mac OS X only). The audit utility requires audit administrator privileges for successful operation. FILES
/etc/security/audit_control Audit policy file used to configure the auditing system. SEE ALSO
audit(4), audit_control(5), auditd(8), launchd(8) HISTORY
The OpenBSM implementation was created by McAfee Research, the security division of McAfee Inc., under contract to Apple Computer Inc. in 2004. It was subsequently adopted by the TrustedBSD Project as the foundation for the OpenBSM distribution. AUTHORS
This software was created by McAfee Research, the security research division of McAfee, Inc., under contract to Apple Computer Inc. Addi- tional authors include Wayne Salamon, Robert Watson, and SPARTA Inc. The Basic Security Module (BSM) interface to audit records and audit event stream format were defined by Sun Microsystems. BSD
January 29, 2009 BSD