- Re: Send audit logging to syslog for centralized s...
12-07-2010 12:10 PM
*.info @
I have tried using #audsys | logger and that doesn't seem to be working. Can anyone offer me some insight?
12-07-2010 07:05 PM
Re: Send audit logging to syslog for centralized syslog server
http://forums13.itrc.hp.com/service/forums/questionanswer.do?threadId=1454565
Shibin
12-08-2010 09:51 AM
Re: Send audit logging to syslog for centralized syslog server
12-08-2010 02:48 PM
Re: Send audit logging to syslog for centralized syslog server
After which I created a file using touch, chmod, chgrp, vi'ed the file, and then deleted it. Shouldn't I have been able to see these changes in the auditlog? And shouldn't it show the file that was created/changed/removed?
12-16-2010 02:53 PM
Re: Send audit logging to syslog for centralized syslog server
12-16-2010 04:03 PM
Solution
auth.info @
To keep the auth records from showing up in syslog.log, add: auth.none to the syslog.log entry like this:
*.info;mail.none;auth.none /var/adm/syslog/syslog.log
auth.info @
NOTE: NO SPACES! Every space in the syslog.conf file causes the entire line to be silently ignored. Use TAB to separate elements.
However, it appears (man audsys) that audsys never uses syslog because the log can grow VERY fast (dozens of MB in minutes). Conversely, the default location for audsys logs is /, the dumbest place for log files. So you can script an audsys logfile scanner (tail will never work because the logfiles are switched regularly). The scanner would find the newest file, then use logger to extract the last record as well as determine (with wc) the file size. Then every few seconds, check the file size and grab all new records and send them using logger. The script will also have to monitor the audsys logfile switch. Not elegant, but that's the way audsys works.
NOTE: audsys can generate massively large logs and therefore massive network traffic when configured inappropriately.
Bill Hassell, sysadmin
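An added example of the scanner described in the answer above (not code from the thread): it polls the newest logfile, forwards new records with logger, and drains the old file when a logfile switch happens. It counts records with wc -l rather than bytes so a half-written record is held back, and it assumes the audit records are text lines in a directory of their own; the directory, state file and tag names are hypothetical.

```shell
#!/bin/sh
# Added example: polling forwarder for audit logfiles that get switched.
# Assumptions (not from the thread): AUDIT_DIR contains only the logfiles, as
# text with one record per line; AUDIT_DIR, STATE and the tag are hypothetical.
AUDIT_DIR=${AUDIT_DIR:-/var/adm/audit_text}
STATE=${STATE:-/var/tmp/audfwd.state}      # keep outside AUDIT_DIR

# Ship stdin to syslog; auth.info is the selector forwarded by syslog.conf.
send() { logger -p auth.info -t audsys; }

# Complete (newline-terminated) records in file $1; a half-written one waits.
count() { wc -l < "$1" | tr -d ' '; }

# Send the records after line $2 of file $1, then print the new record count.
ship() {
    n=$(count "$1"); from=$2
    [ "$n" -ge "$from" ] || from=0         # file shrank: recreated, start over
    if [ "$n" -gt "$from" ]; then
        sed -n "$((from + 1)),${n}p" "$1" | send
    fi
    echo "$n"
}

# One polling pass over the newest logfile, with logfile-switch handling.
poll_once() {
    cur=$(ls -t "$AUDIT_DIR" 2>/dev/null | head -1)
    [ -n "$cur" ] || return 0
    if [ -r "$STATE" ]; then
        read off prev < "$STATE"
    else
        # First run: skip the backlog and start at the current end of file.
        off=$(count "$AUDIT_DIR/$cur"); prev=$cur
    fi
    if [ "$prev" != "$cur" ]; then
        # Switch detected: drain what was appended to the old file, then
        # read the new file from its first record.
        if [ -f "$AUDIT_DIR/$prev" ]; then
            ship "$AUDIT_DIR/$prev" "$off" > /dev/null
        fi
        off=0
    fi
    off=$(ship "$AUDIT_DIR/$cur" "$off")
    echo "$off $cur" > "$STATE"
}

# Daemon mode only when asked for:  sh audfwd.sh run
if [ "${1:-}" = run ]; then
    while :; do poll_once; sleep 5; done
fi
```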
02-01-2011 07:50 AM