Simpler Navigation for Servers and Operating Systems
Completed: a much simpler Servers and Operating Systems section of the Community. We combined many of the older boards, so you won't have to click through so many levels to get at the information you need. Check the consolidated boards here as many sub-forums are now single boards.
cancel
Showing results for 
Search instead for 
Did you mean: 

security auditing

Highlighted
himacs
Super Advisor

security auditing

Hi Admins,

HPUX 11.31 integrity.

I have configured security auditing using below steps.

1.Ceated seperate mountpoints /audit with 500 MB.
2.Created one folder /audit/authfile as audit trail.
3.Started auditing using audsys -n -N2 -c /audit/audfile -s 5000
4.started audomon -- audomon -p 20 -t 1 -w 90 -X "/audit/audfile hostname"
5.Modified auditing file in rc.config.d .


But the audisp command not displaying event logs.


TEST:/audit/audfile#ll

-rw-------   1 root       sys          92494 Dec 27 12:41 spu0.log
-rw-------   1 root       sys              0 Dec 27 12:41 spu1.log

TEST:/audit/audfile#audisp spu0.log
All users are selected.
All events are selected.
All ttys are selected.
Selecting successful & failed events.
--------------------------------------------------------------------


#ps -ef|grep aud
    root 15015     1  0 13:11:18 ?         0:00 audomon -p 20 -t 1 -w 90 -X /audit/audfile hostname
    root 14433     0  0 12:41:45 ?         0:00 diskaudit_daemon


Please guide me how to display event logs.

 

 

Regards
himacs

 

 

P.S. This thread has been moved from System Administration to HP-UX > security - HP Forums moderator

3 REPLIES
Matti_Kurkela
Honored Contributor

Re: security auditing

When the audit subsystem is configured to write the event logs in regular mode (audsys -N1 or greater), you cannot specify the audit file by name to audisp. You must use the directory name instead.

 

Please try:

# audisp /audit/audfile

 

MK
himacs
Super Advisor

Re: security auditing

Hi MK,

 

Thanks for the responce.

 

I tried that too.. but same output.

 

#audisp /audit/audfile2
All users are selected.
All events are selected.
All ttys are selected.
Selecting successful & failed events.

 

Regards

himacs

himacs
Super Advisor

Re: security auditing

Hi ,

 

Its working fine.. Now events started to log.

 

Regards

himacs