
Sending audit log info to syslog

john guardian
Super Advisor


Can audit info be sent directly to syslog?


Goal is to get audit log info to a remote machine via system configuration rather than using a script.





Occasional Advisor

Re: Sending audit log info to syslog

The auditing operation and filtering is done inside the kernel, by necessity, so that sharply limits the ability of the auditing system to make use of non-kernel resources such as the syslog daemon.  There's also a significant performance issue involved - you wouldn't want each open() or read() system call to have to wait on a congested network connection, or hang your system because of a network outage, as it was trying to reach an unreachable syslog server.


I'd suggest a cron job to periodically run the audit_p2l script or something like it to deliver the accumulated audit information into syslog.


Audit Reporting Tools - A set of tools that facilitates the processing of previously collected HP-UX raw audit data and extracts useful information for compliance reporting purposes. The audit reporting tools consist of the following main components:


  • An Audit DPMS service module, audit_hpux_portable, that handles audit data that is portable from system to system, and good for retention purposes. Also a sample script, audit_p2l, that demonstrates how to convert the portable data into syslog-like messages.
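
The cron-driven delivery suggested in the reply above, sketched as an added example that is not part of the original thread or of HP's tooling: it forwards only the lines not yet sent, so repeated cron runs do not duplicate audit records in syslog. The conversion step itself is assumed to have already run; the `hpux_audit` tag, the `auth.info` priority, the state file and all paths are hypothetical.

```shell
#!/bin/sh
# Added example: cron-driven forwarding of converted audit lines to syslog.
# Assumption: the conversion step (for instance the audit_p2l sample script)
# has already written syslog-like text lines to the file given as $1.
# Hypothetical crontab entry (paths are placeholders):
#   0,15,30,45 * * * * /path/to/audit_forward.sh /path/to/converted.log /path/to/state

# Command that receives the lines on stdin. Assumption: logger reads stdin when
# no message operand is given, and local syslogd relays to the remote host.
SEND=${SEND:-"logger -p auth.info -t hpux_audit"}

forward_new_lines() {
    converted=$1   # converted, syslog-like audit lines (append-only)
    state=$2       # remembers how many lines were already forwarded
    [ -r "$converted" ] || return 1

    sent=0
    if [ -s "$state" ]; then sent=$(cat "$state"); fi
    case $sent in ''|*[!0-9]*) sent=0 ;; esac   # ignore a corrupt state file

    # wc -l counts complete lines only, so a half-written last line waits.
    total=$(wc -l < "$converted" | tr -d ' ')
    # A shorter file means it was rotated or regenerated: start from the top.
    if [ "$total" -lt "$sent" ]; then sent=0; fi
    if [ "$total" -eq "$sent" ]; then return 0; fi

    # Forward lines sent+1..total; advance the state only if delivery to the
    # local logger succeeded, so a failed run is retried by the next cron tick.
    if sed -n "$((sent + 1)),${total}p" "$converted" | $SEND; then
        echo "$total" > "$state"
    else
        return 2
    fi
}

if [ $# -eq 2 ]; then forward_new_lines "$1" "$2"; fi
```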