cancel
Showing results for 
Search instead for 
Did you mean: 

Enable Auditing On HP-UX

Ramasubramanian Krishna
Occasional Advisor

Enable Auditing On HP-UX

I need to enable auditing on HP-UX system and the audit files to be generated on central server.
9 REPLIES
Shibin_2
Honored Contributor

Re: Enable Auditing On HP-UX

Use audsys command to start / stop auditing on your system.

Read man audsys for more information.

I am not sure, whether you can keep it in a remote server.

/.secure/etc/audnames File contains the current and next audit file names and their switch sizes.
Regards
Shibin
Shibin_2
Honored Contributor

Re: Enable Auditing On HP-UX

Hakki Aydin Ucar
Honored Contributor

Re: Enable Auditing On HP-UX

You need to go to SAM > Security > Audit Events

But you need to convert your system Trusted Systems.

And you need to start by Turn Auditing ON from Actions menu.

And remember/be careful, it means too much logs under /.secure/etc
Ramasubramanian Krishna
Occasional Advisor

Re: Enable Auditing On HP-UX

thanks. But I need the audit files created to be on the central server.
Sundar G
Frequent Advisor

Re: Enable Auditing On HP-UX

Ram,

Try exploring the use of syslog-ng which sends all logs to a centralised server (including syslog). It is bundled with DASU tools in HP UX 11.31 . This link may be helpful.

http://forums11.itrc.hp.com/service/forums/questionanswer.do?admit=109447626+1288780164926+28353475&threadId=1179562

-- Sundar
Dennis Handly
Acclaimed Contributor

Re: Enable Auditing On HP-UX

>I need the audit files created to be on the central server.

Is NFS available to do this?
Court Campbell
Honored Contributor

Re: Enable Auditing On HP-UX

I agree with Dennis. You will probably need to go the NFS route. Alternatively, you could write a script that changed the log file, and copied the log file off to another server. I did this at my last company. We switched out the audit file via a cronjob and sent it to a management server.

A couple of notes:

1. Make sure the audit info is useful. I cannot tell you how much crap info you can get from auditing. Do you really need to know every semop call?

2. Make sure you have a good amount of space for the logs. If the system cannot write to the audit files, your system will grind to a halt.
"The difference between me and you? I will read the man page." and "Respect the hat." and "You could just do a search on ITRC, you don't need to start a thread on a topic that's been answered 100 times already." Oh, and "What. no points???"
Ismail Azad
Esteemed Contributor

Re: Enable Auditing On HP-UX

Just one thing, if u are doing via command line. Check the control variable in /etc/rc.config.d/auditing it will typically be 0 so make it as 1.
Read, read and read... Then read again until you read "between the lines".....
Shibin_2
Honored Contributor

Re: Enable Auditing On HP-UX

I have assigned points to 1 of 13 responses to my questions.


Please assign some points.
Regards
Shibin