HPE Community
Operating System - HP-UX
1752720 Members
5663 Online
108789 Solutions
New Discussion юеВ

Re: Customised logging in HP-UX11i

 
Velan
New Member

тАО12-31-2004 04:04 PM

тАО12-31-2004 04:04 PM

Customised logging in HP-UX11i

Greetings to all,

I am currently have a Production server ( rp4440 , HP-UX 11i v1 ).

I know that the following logs exists , and does the following functions :

1) /var/adm/syslog/
Contains system log files
syslogd daemon responsible for writing log messages, behavior can be customised with /etc/syslog.conf
- syslog.log

2) /var/adm/sulog
Contains a history of all invocations of switch user

3) /var/adm/wtmp
Contains history of successful logins
Use # last command to display info
Should be trimmed by admin as it grows

4) /var/adm/btmp
Contains history of unsuccessful logins
Use # lastb command to display info
Should be trimmed by admin as it grows

5)/etc/utmp
Contains a record of all users logged onto system
Used by # write and # who command
Cannot be viewed directly , not ASCII

----------------------------------------------------------------------

I want to know if there is any way of creating a customised logging for any file creation that shows the assigned owner/group for every file creation , plus file owner / group changes ( chown/chgrp commands ).

Thank you.
Time and tide waits for no man
0 Kudos
Reply
4 REPLIES 4
Bill Hassell
Honored Contributor

тАО01-01-2005 03:45 AM

тАО01-01-2005 03:45 AM

Re: Customised logging in HP-UX11i

If you have a Trusted system (the directory /tcb exists) then you can have SAM turn on system Auditing, specifically the Audited Events. Before you exit Auditing, you MUST change the location of the auditing logs. They are defaulted to the / directory (/.secure) which will be far too small for a busy system. Note that the more things you log, the slower your system will run and the faster the logfiles will fill up.


Bill Hassell, sysadmin
0 Kudos
Reply
Velan
New Member

тАО01-05-2005 10:42 PM

тАО01-05-2005 10:42 PM

Re: Customised logging in HP-UX11i

Greetings,

Unfortunately , my system is not a Trusted system.

Any other suggestions ?
Time and tide waits for no man
0 Kudos
Reply
Ranjith_5
Honored Contributor

тАО01-05-2005 11:01 PM

тАО01-05-2005 11:01 PM

Re: Customised logging in HP-UX11i

Hi,

You can use tsconvert if you want to go for it. You can enable auditing on your machine and get the events.

regards,
Syam
0 Kudos
Reply
Bill Hassell
Honored Contributor

тАО01-06-2005 05:06 AM

тАО01-06-2005 05:06 AM

Re: Customised logging in HP-UX11i

There is nothing in HP-UX that will log what you want without converting to Trusted. If this system is important, you need to convert to Trusted for better security as well as auditing. It is virtually transparent for your applications and users, and SAM can do this for you as well as setup auditing.


Bill Hassell, sysadmin
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.