- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Delivery HP-UX Audits to another system
Operating System - HP-UX
1748163
Members
3641
Online
108758
Solutions
Forums
Categories
Company
Local Language
юдл
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
юдл
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-27-2009 10:40 AM
тАО07-27-2009 10:40 AM
Delivery HP-UX Audits to another system
I am trying to combine all the HP-UX audit logs from all my HP-UX servers onto a linux based syslog server. I am running a mix of HP-UX 11.23 and 11.31. I currently have a custom cron script that rolls audit to a new file. Then take the old audit data and run the audisp tool to get ASCII text. The ASCII test is then sent to a named pipe watched by syslog-ng. This process is cumbersome but we would like to avoid FTP, and the hassles of secure copy with pub/pri keys. Any suggestions to improve the above solution using syslog-ng?
3 REPLIES 3
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-27-2009 10:58 AM
тАО07-27-2009 10:58 AM
Re: Delivery HP-UX Audits to another system
It depends on how much "live" you want it to be. Using SCP is probably the best solution since it's secure, but not live and this leaves time for an intruder to interfere with the transfer. Audisp in itself is not live anyway since as I recall, it must be run in a loop to extract logs. Furthermore, since you don't want to use FTP or keys, this leaves few alternatives. I'd use logger(1) or netcat in your case.
FYI, recent releases of 11iv3 have much easier to use tools to extract audit data than audisp.
Good luck
FYI, recent releases of 11iv3 have much easier to use tools to extract audit data than audisp.
Good luck
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-27-2009 11:05 AM
тАО07-27-2009 11:05 AM
Re: Delivery HP-UX Audits to another system
I guess I'm confused...why wouldn't you simply forward the log messages?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-27-2009 11:29 AM
тАО07-27-2009 11:29 AM
Re: Delivery HP-UX Audits to another system
We do forward syslog events for realtime insight into the system. However our auditors would like us to have a copy of the audit logs we can search for actions performed by all users. These syscalls are part of the audit applications. The fact we can not see the audit data "live" is not a large concerns as the data is only lagged by 1 hour due to our hourly cron jobs. The main problem I have had with syslog-ng is some of the data appears to be missing and I was wondering if named pipe is perhaps the wrong way to get the data out of audisp tool.
We intially tried piping the output to logger but that was even worse than named pipe monitoring. I have never heard of netcat so I have some research to do.
We intially tried piping the output to logger but that was even worse than named pipe monitoring. I have never heard of netcat so I have some research to do.
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
News and Events
Support
© Copyright 2024 Hewlett Packard Enterprise Development LP