Showing results for 
Search instead for 
Do you mean 

security auditing

Highlighted
Super Advisor

security auditing

[ Edited ]

Hi Admins,

HPUX 11.31 integrity.

I have configured security auditing using below steps.

1.Ceated seperate mountpoints /audit with 500 MB.
2.Created one folder /audit/authfile as audit trail.
3.Started auditing using audsys -n -N2 -c /audit/audfile -s 5000
4.started audomon -- audomon -p 20 -t 1 -w 90 -X "/audit/audfile hostname"
5.Modified auditing file in rc.config.d .


But the audisp command not displaying event logs.


TEST:/audit/audfile#ll

-rw-------   1 root       sys          92494 Dec 27 12:41 spu0.log
-rw-------   1 root       sys              0 Dec 27 12:41 spu1.log

TEST:/audit/audfile#audisp spu0.log
All users are selected.
All events are selected.
All ttys are selected.
Selecting successful & failed events.
--------------------------------------------------------------------


#ps -ef|grep aud
    root 15015     1  0 13:11:18 ?         0:00 audomon -p 20 -t 1 -w 90 -X /audit/audfile hostname
    root 14433     0  0 12:41:45 ?         0:00 diskaudit_daemon


Please guide me how to display event logs.

 

 

Regards
himacs

 

 

P.S. This thread has been moved from System Administration to HP-UX > security - HP Forums moderator

3 REPLIES
Honored Contributor Honored Contributor

Re: security auditing

When the audit subsystem is configured to write the event logs in regular mode (audsys -N1 or greater), you cannot specify the audit file by name to audisp. You must use the directory name instead.

 

Please try:

# audisp /audit/audfile

 

MK
Super Advisor

Re: security auditing

Hi MK,

 

Thanks for the responce.

 

I tried that too.. but same output.

 

#audisp /audit/audfile2
All users are selected.
All events are selected.
All ttys are selected.
Selecting successful & failed events.

 

Regards

himacs

Super Advisor

Re: security auditing

Hi ,

 

Its working fine.. Now events started to log.

 

Regards

himacs