- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Sending audit log info to syslog
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-12-2011 07:14 AM
09-12-2011 07:14 AM
Sending audit log info to syslog
Can audit info be sent directly to syslog?
Goal is to get audit log info to a remote machine via system configuration rather than using a script.
Anyone?
Thx.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-26-2011 08:42 AM
09-26-2011 08:42 AM
Re: Sending audit log info to syslog
The auditing operation and filtering is done inside the kernel, by necessity, so that sharply limits the ability of the auditing system to make use of non-kernel resources such as the syslog daemon. There's also a significant performance issue involved - you wouldn't want each open() or read() system call to have to wait on a congested network connection, or hang your system because of a network outage, as it was trying to reach an unreachable syslog server.
I'd suggest a cron job to periodically run the audit_p2l script or something like it to deliver the accumulated audit information into syslog.
https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do%3FproductNumber%3DAuditExt
Audit Reporting Tools - A set of tools that facilitates the processing of previously collected HP-UX raw audit data and extracts useful information for compliance reporting purposes. The audit reporting tools consist of the following main components:
- An Audit DPMS service module, audit_hpux_portable, that handles audit data that is portable from systems to systems, and good for retention purpose. Also a sample script, audit_p2l, that demonstrates how to convert the portable data into syslog-like messages.