- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: Question on Audit Trail (Successful Delete Onl...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-16-2008 06:58 PM
тАО12-16-2008 06:58 PM
I am trying to monitor all users (w/c includes his/her username and IP Address) who executes deletion of files in our server. I thought by enabling Audit Trail (for successful delete only) will help solve my problem, but when I activated it and did some tests, I checked the logfile generated via SAM but to my surprise I didn't get the output I was expecting.
Is there a special configuration or setting in enabling Audit Trail to log the user's Username and IP Address everytime he/she executes delete regardless if its a directory or a file?
Thanks in advance
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-16-2008 07:15 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-16-2008 07:18 PM
тАО12-16-2008 07:18 PM
Re: Question on Audit Trail (Successful Delete Only)
Bill Hassell, sysadmin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-16-2008 07:32 PM
тАО12-16-2008 07:32 PM
Re: Question on Audit Trail (Successful Delete Only)
Will this show the Username and IP Address of the person who will perform delete?
Thanks in advance!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-16-2008 07:37 PM
тАО12-16-2008 07:37 PM
Re: Question on Audit Trail (Successful Delete Only)
Bill Hassell, sysadmin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-16-2008 07:40 PM
тАО12-16-2008 07:40 PM
Re: Question on Audit Trail (Successful Delete Only)
Go through the man page , if not use the below link.
http://h21007.www2.hp.com/portal/download/files/unprot/STK/HPUX_STK/impacts/i1004.html
Thanks,
Analyst.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-16-2008 07:41 PM
тАО12-16-2008 07:41 PM
Re: Question on Audit Trail (Successful Delete Only)
In the man pages executing the audusr command alone audits all users.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-05-2009 07:32 PM
тАО01-05-2009 07:32 PM
Re: Question on Audit Trail (Successful Delete Only)
I have a follow up question, when I was just about to implement this auditing thing, I noticed that the directory /etc/.secure where the audfiles should be located is now gone. I don't know why maybe someone deleted it, or the OS deleted it, I am not sure.
But is it possible to just recreate this directory? What should be the group owner and permissions of this dir? I can no longer remember the previous permissions that it had before.
I hope someone can help me regarding this.
Thanks in advance!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-05-2009 08:16 PM
тАО01-05-2009 08:16 PM
Re: Question on Audit Trail (Successful Delete Only)
The default name is /.secure/etc. This directory doesn't exist by default.
I assume you can just have root:root own it with writable by root. I suppose you can have rx for group/other.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-28-2009 06:36 PM
тАО01-28-2009 06:36 PM
Re: Question on Audit Trail (Successful Delete Only)
My next question is, what if we reboot the server, do I need to execute the "audusr -A" command again to enable it? Or is it a permanent process that will only be terminated if "audusr -D" is invoked?