Sending audit log info to syslog

john guardian · ‎09-12-2011

Can audit info be sent directly to syslog?

Goal is to get audit log info to a remote machine via system configuration rather than using a script.

Anyone?

Thx.

Michael_Pelleti · ‎09-26-2011

The auditing operation and filtering is done inside the kernel, by necessity, so that sharply limits the ability of the auditing system to make use of non-kernel resources such as the syslog daemon. There's also a significant performance issue involved - you wouldn't want each open() or read() system call to have to wait on a congested network connection, or hang your system because of a network outage, as it was trying to reach an unreachable syslog server.

I'd suggest a cron job to periodically run the audit_p2l script or something like it to deliver the accumulated audit information into syslog.

https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do%3FproductNumber%3DAuditExt

Audit Reporting Tools - A set of tools that facilitates the processing of previously collected HP-UX raw audit data and extracts useful information for compliance reporting purposes. The audit reporting tools consist of the following main components:

An Audit DPMS service module, audit_hpux_portable, that handles audit data that is portable from systems to systems, and good for retention purpose. Also a sample script, audit_p2l, that demonstrates how to convert the portable data into syslog-like messages.

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Discussions

Forums

Discussions

Forums

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Sending audit log info to syslog

Sending audit log info to syslog

Re: Sending audit log info to syslog