07-29-2009 07:35 AM
Syslog.conf file configuration
Hi there,
We're going to have to integrate an HP-UX server into a centralized RSA enVision Log management tool for meeting our compliance requirements.
From HP-UX we need to enable the following events by editing the /etc/syslog.conf file:
* All actions taken by any individual with administrative privileges
* Initialization of the audit logs
* Creation and deletion of system-level objects
* Authentication events (Log off/Logon)
* Invalid Logon attempts due to incorrect password.
It would be great if you could let me know the facility.level combination for the events above. E.g., I'm aware that for authentication events I'd use "auth.debug". For the others, I'm not quite sure about the facility which handles such events. Thank you in advance.
V
07-30-2009 06:20 AM
Re: Syslog.conf file configuration
Folks, any takers for this post? I've got points to offer. Thx
07-30-2009 08:13 AM
Re: Syslog.conf file configuration
The majority of these cannot be done with syslog.
You would probably be better off looking at other products and seeing if they fit a part of what you need.
Things that come to mind --
Role Based Access Control (RBAC) from HP.
http://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=AccessControl
PowerBroker from Symark
http://www.symark.com/products/pboverview.html
>>Creation and deletion of system-level objects
I'm not sure what you mean by this.
07-30-2009 09:36 AM
Re: Syslog.conf file configuration
As mentioned, not everything here can go into the syslog facility. There are some 3rd party products that work really well and should satisfy your requirements.
All actions by individual with administrative rights - can use the 'rootsh' in conjunction with sudo. This creates a log file that logs every keystroke. Use this with sudo and you can see when sudo was invoked. The sudo log can be appended to the syslog.
Invalid login - this is logged in the syslog file on a trusted system; can also use the 'last' & 'lastb' commands, which come from the wtmp & btmp files.
Creation/Deletion of system level objects - unsure exactly what you mean, but if you are talking OS level files (or any file for that matter) look into tripwire; it is on the iExpress.
Initialize audit log - the OS will log these events, in the rc.log at boot and typically in the syslog already.
Authentication events - you can get from the 'last' command to see who logged on when and for how long.
Unfortunately, not everything will be in 1 location unless you jump through some hoops and customize.
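Added example (not part of the thread and not HP code): a small checker that reads syslog.conf text and reports which facility.level messages would be sent to a remote collector, so you can confirm that auth events actually leave the box. It assumes the collector is reached through the `@host` forwarding action; the sample configuration and the name `loghost` are constructed placeholders.

```python
# Added example: classic syslog.conf selector matching (facility.level -> action).
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def parse(conf_text):
    """Return [(selectors, action)] where selectors = [(facilities, level)]."""
    rules = []
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)          # selector field, then action
        if len(parts) != 2:
            continue                         # no action: skip malformed line
        selectors = []
        for sel in parts[0].split(";"):
            facs, _, level = sel.rpartition(".")
            selectors.append((facs.split(","), level))
        rules.append((selectors, parts[1].strip()))
    return rules

def rule_matches(selectors, facility, level):
    """A later selector on the same line overrides an earlier one (e.g. auth.none)."""
    matched = False
    for facs, sel_level in selectors:
        if "*" not in facs and facility not in facs:
            continue
        if sel_level == "none":
            matched = False
        elif sel_level in LEVELS:
            # Lower index = more severe; a selector covers its level and above.
            matched = LEVELS.index(level) <= LEVELS.index(sel_level)
    return matched

def remote_hosts(conf_text, facility, level):
    """Names after '@' in the action field of every rule the message matches."""
    return [action[1:] for selectors, action in parse(conf_text)
            if action.startswith("@") and rule_matches(selectors, facility, level)]

# Constructed sample; "loghost" is a placeholder name for the central collector.
SAMPLE = (
    "*.info;mail.none\t/var/adm/syslog/syslog.log\n"
    "# forward authentication messages and anything at alert or above\n"
    "auth.debug\t@loghost\n"
    "*.alert;auth.none\t@loghost\n"
)

if __name__ == "__main__":
    for fac, lvl in [("auth", "info"), ("daemon", "info"), ("kern", "alert")]:
        print(fac, lvl, "->", remote_hosts(SAMPLE, fac, lvl) or "not forwarded")
```

The `auth.none` on the last sample line keeps auth messages at alert or above from being forwarded twice, since `auth.debug` already covers them.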