
Sending audit log info to syslog

Super Advisor


Can audit info be sent directly to syslog?


Goal is to get audit log info to a remote machine via system configuration rather than using a script.





Occasional Advisor

Re: Sending audit log info to syslog

The auditing operation and filtering are done inside the kernel, by necessity, so that sharply limits the ability of the auditing system to make use of non-kernel resources such as the syslog daemon. There's also a significant performance issue involved - you wouldn't want each open() or read() system call to have to wait on a congested network connection, or hang your system because of a network outage, as it was trying to reach an unreachable syslog server.


I'd suggest a cron job to periodically run the audit_p2l script or something like it to deliver the accumulated audit information into syslog.


Audit Reporting Tools - A set of tools that facilitates the processing of previously collected HP-UX raw audit data and extracts useful information for compliance reporting purposes. The audit reporting tools consist of the following main components:


  • An Audit DPMS service module, audit_hpux_portable, that handles audit data that is portable from system to system, and good for retention purposes. Also a sample script, audit_p2l, that demonstrates how to convert the portable data into syslog-like messages.
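
The cron-driven delivery suggested in the reply above, as an added example that is not part of the original post or of HP's tools. It assumes the conversion step (for example audit_p2l) has already written syslog-like text, one newline-terminated record per line, to a file; the file paths, state directory, tag and priority are hypothetical.

```shell
#!/bin/sh
# Added example: batch-forward converted audit records to the local syslog
# daemon from cron, so audited system calls never wait on the network.
# Assumption: $1 is text already produced by the conversion step, and syslogd
# is separately configured (syslog.conf) to relay this facility to the
# remote log host.

LOGGER=${LOGGER:-logger}          # overridable so the logic can be tested offline
PRIORITY=${PRIORITY:-auth.info}   # hypothetical facility.level
TAG=${TAG:-hpux-audit}            # hypothetical tag

# forward_new_lines CONVERTED_FILE STATE_DIR
# Sends only lines not yet delivered and sets FORWARDED to how many were sent.
# Returns 0 on success, 2 if another run holds the lock, 1 on any other error.
forward_new_lines() {
    src=$1; state=$2
    FORWARDED=0
    [ -r "$src" ] || return 1
    mkdir -p "$state" || return 1
    # mkdir is atomic, so an overlapping cron run backs off instead of
    # delivering the same records twice.
    mkdir "$state/lock" 2>/dev/null || return 2
    sent=0
    [ -f "$state/offset" ] && sent=$(cat "$state/offset")
    total=$(wc -l < "$src" | tr -d ' ')
    # A file shorter than the saved offset was rotated: start from the top.
    [ "$total" -lt "$sent" ] && sent=0
    rc=0
    if [ "$total" -gt "$sent" ]; then
        # Bound the range at $total so lines appended during this run are
        # left for the next one rather than counted inconsistently.
        if sed -n "$((sent + 1)),${total}p" "$src" | "$LOGGER" -p "$PRIORITY" -t "$TAG"
        then
            FORWARDED=$((total - sent))
            echo "$total" > "$state/offset"
        else
            rc=1    # offset untouched: the same lines are retried next run
        fi
    fi
    rmdir "$state/lock"
    return $rc
}

# Run from cron after the conversion step: script CONVERTED_FILE STATE_DIR
if [ $# -eq 2 ]; then
    forward_new_lines "$1" "$2"
fi
```

Because the offset is only advanced after logger succeeds, a failed run leaves records queued in the file rather than dropping them.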