topic Re: Audit Logs in Operating System - HP-UX

Audit Logs

Mike Burk — Thu, 16 Aug 2001 23:45:47 GMT

Anyone write custom scripts that filter the audit logs? If so can I get an example. I am looking to make the audit log output more readable i.e. so none unix people can read them and somewhat understand what is going on, like user xxx logged on and then su'd to user yyy and then logged off.

Re: Audit Logs

Manuel P. Ron — Mon, 20 Aug 2001 06:13:17 GMT

Use this command to display the information contained in audsys logs files:

audisp [options flags] audit_filename

Use the options flags to filter the output:

-u username, -e eventname, -c syscall, -l ttyid, -t start_time, -s stop_time, ...

Please, consult man page for more info. Thanks.

Re: Audit Logs

Joe Doe Sr — Fri, 07 Sep 2001 10:06:59 GMT

On Debian GNU/Linux you have logcheck (http://packages.debian.org/cgi-bin/search_packages.pl?keywords=logcheck&searchon=names&subword=1&version=all&release=all) and that application can incremental scan and mail the results of a check on logfiles to a mailaddress. And you can extend the search-patterns. A little note, the logcheck in testing and unstable have more patterns then logcheck in stable.

-Hans