Configuring 'auditd' service to not store the audit logs in /var partition


 
# 1  
02-14-2014
Configuring 'auditd' service to not store the audit logs in /var partition

Hello all,

I've configured the 'audit' service to send the audit logs to a remote log server (by using the syslog plugin), which is working fine.

However, there is a problem. The audit service also tries to write the same information (but in binary format) in the /var/audit path.

So, is there any way to stop the audit service from storing the log files in the /var partition and instead only use syslog to send the information to the remote host?

Thanks,
# 2  
02-14-2014
Maybe try changing
Code:
dir:/var/audit

to
Code:
dir:

in /etc/security/audit_control, then restart the audit daemon (or the server).
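
A check one might run before and after this change, added here as an example and not part of the original post: it reads audit_control text and reports whether audit records still have a destination, so that emptying `dir:` without a working `audit_syslog.so` plugin line is caught. The helper name `audit_destinations` and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). audit_destinations is a hypothetical helper.
# Reads audit_control text on stdin and reports where audit records would go.
# Assumption: a "dir:" line with no path means no binary trail, as the answer suggests.
audit_destinations() {
    conf=$(cat)
    bin=0; sys=0
    # Uncommented dir: line that carries a path -> binary trail is written there.
    if printf '%s\n' "$conf" | grep -Eq '^dir:[[:space:]]*[^[:space:]]'; then bin=1; fi
    # Uncommented plugin: line that loads audit_syslog.so -> records go to syslog.
    if printf '%s\n' "$conf" | grep -Eq '^plugin:.*name=audit_syslog\.so'; then sys=1; fi
    case "$bin$sys" in
        11) echo "binary+syslog" ;;
        10) echo "binary-only" ;;
        01) echo "syslog-only" ;;
        *)  echo "none"; return 1 ;;   # nothing receives audit records
    esac
}

# Constructed sample files, not taken from a real host.
sample_before() {
    printf '%s\n' 'dir:/var/audit' 'flags:lo' 'minfree:20' 'naflags:lo' \
        'plugin:name=audit_syslog.so;p_flags=lo'
}
sample_after() {   # the change proposed in the answer
    sample_before | sed 's|^dir:.*|dir:|'
}
sample_broken() {  # dir: emptied, plugin line commented out
    sample_after | sed 's|^plugin:|#plugin:|'
}

for s in sample_before sample_after sample_broken; do
    printf '%-14s %s\n' "$s" "$($s | audit_destinations)"
done
```

On a host, feed it the live file with `audit_destinations < /etc/security/audit_control`; a result of `none` (non-zero exit status) means neither destination is configured.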
# 3  
02-15-2014
Thank you bartus,

I'll check on this, and I'll be back to update the result.

Thanks,

---------- Post updated 02-15-14 at 01:37 PM ---------- Previous update was 02-14-14 at 07:16 PM ----------

Thank you again, it worked fine.