Re: HP-UX11i and the syslog file
07-23-2002 01:50 PM
Is there anyone out there who knows a comprehensive list of all commands on 11i which write to the syslog??
cheers
Adam.
07-23-2002 02:18 PM
Re: HP-UX11i and the syslog file
Well, any application can write to it, and some apps allow you to configure them to do so.
Was there something you are looking for?
live free or die
harry
07-23-2002 02:19 PM
Re: HP-UX11i and the syslog file
07-23-2002 03:37 PM
Re: HP-UX11i and the syslog file
Perhaps if we knew the background behind your question, we could suggest additional ways of solving the problem.
--M????a
07-23-2002 04:21 PM
Re: HP-UX11i and the syslog file
I am actually integrating HP-UX 11i with our Risk Manager product, which correlates possible intrusions and security violations on the system.
I am trying to map all base standard OS commands (e.g. su, rlogind, etc.) so that any malicious intent can be picked up from the log file and correlated.
So, I need to know which of the base OS commands (like su, rlogind, etc.) will potentially, if configured correctly, write to syslogd.
Also, which process uses the 'login' command, and do its error messages get written to its log file through the syslogd API or of its own accord? I.e., is there any chance that errors for the 'login' command will be written to the syslog?
cheers in advance
Adam.
07-23-2002 05:47 PM
Solution
One thing you're probably going to want to do is read /etc/syslogd.conf to see where the different syslog facilities/priorities are going. The *standard* for a lot of stuff may be /var/adm/syslog/syslog.log, but it can be changed (and isn't the only location even in a default configuration).
One idea is to collect a bunch of syslogs from different places and go through them. syslogd writes in a specific format and you should be able to pluck out command names.
Things that write there (in a default config) include: syslogd, vmunix, nettl, rpcbind, inetd, xntpd, diagmond, su, cmcld, cmclconfd, cmtaped, telnetd, cmsrvassistd, cmlvmd, Networker daemons. Sorry, those aren't all base OS commands, but while I was at it... ;)
AFAIK, the login command will not write to syslog; it writes to /var/adm/wtmp and (if configured) /var/adm/btmp. The last (successful) and lastb (unsuccessful) commands will read those files. I *believe*, but am not sure, that things using /usr/bin/login are: getty(1m), login(1), telnetd(1m), rlogind(1m). I'm not immediately sure about rexecd and remshd, etc.
HTH.
--M????a
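Added example (not part of the original thread): one way to pluck command names out of collected syslog files, as the answer above suggests, and count how often each one appears. The sample lines are constructed, and the layout "Mon DD HH:MM:SS host tag[pid]: message" is an assumption about the files being read.

```shell
# Constructed sample lines; real input would be one or more collected syslog files.
sample_syslog() {
cat <<'EOF'
Jul 23 14:02:11 hpdev su: + ttyp1 adam-root
Jul 23 14:02:40 hpdev su: - ttyp1 adam-root
Jul 23 14:03:05 hpdev inetd[1042]: telnet/tcp: Connection from client1 (192.0.2.10)
Jul 23 14:05:19 hpdev vmunix: file: table is full
Jul 23 14:05:19 hpdev above message repeats 3 times
Jul  3 09:06:00 hpdev xntpd[877]: synchronized to LOCAL(1), stratum=10
EOF
}

# syslog_tags [file ...]: print "count tag" for every program tag seen,
# most frequent first. Reads stdin when no file is given.
syslog_tags() {
  awk '
    NF >= 5 {
      tag = $5                          # field after month, day, time, host
      if (tag !~ /:$/) {                # no "tag:" prefix on this line
        count["(untagged)"]++
        next
      }
      sub(/:$/, "", tag)                # drop the trailing colon
      sub(/\[[0-9]+\]$/, "", tag)       # drop an optional [pid]
      count[tag]++
    }
    END { for (t in count) printf "%d %s\n", count[t], t }
  ' "$@" | sort -k1,1nr -k2,2
}

sample_syslog | syslog_tags
```

Running it over logs gathered from several hosts gives a starting inventory of tags to map; lines counted as "(untagged)" need a manual look.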
07-23-2002 08:14 PM
Re: HP-UX11i and the syslog file
Such a list may not be available. You cannot say which command is writing to syslog, but almost all services will write to syslog: mail, EMS, debug, etc. I am giving a sample syslog file.
-------------------
mail.debug /var/adm/syslog/mail.log
*.info;mail.none /var/adm/syslog/syslog.log
*.alert /dev/console
*.alert root
*.alert /var/adm/syslog/alert.log
*.crit /var/adm/syslog/crit.log
*.crit root
*.emerg /var/adm/syslog/emerg.log
*.emerg *
auth.debug /var/adm/syslog/auth.log
daemon.debug /var/adm/syslog/daemon.log
*.* @hpdev
*.debug;mail.none /var/adm/syslog/debug.log
------------------------
regds
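Added example (not part of the original thread): a small resolver that reads a configuration like the sample above and lists every destination a given facility and level would reach, which is what a log-correlation integration needs to know before choosing files to watch. The function name `syslog_route` is hypothetical, and the matching rules in the comment are assumed classic BSD syslogd semantics.

```shell
# Constructed input: the sample configuration from the post above.
sample_conf() {
cat <<'EOF'
mail.debug /var/adm/syslog/mail.log
*.info;mail.none /var/adm/syslog/syslog.log
*.alert /dev/console
*.alert root
*.alert /var/adm/syslog/alert.log
*.crit /var/adm/syslog/crit.log
*.crit root
*.emerg /var/adm/syslog/emerg.log
*.emerg *
auth.debug /var/adm/syslog/auth.log
daemon.debug /var/adm/syslog/daemon.log
*.* @hpdev
*.debug;mail.none /var/adm/syslog/debug.log
EOF
}

# syslog_route FACILITY LEVEL [file]: print every action that gets the message.
# Assumed semantics: a selector level matches that severity and anything more
# severe; the last selector on a line that names the facility wins.
syslog_route() {
  fac=$1; lvl=$2; shift 2
  awk -v fac="$fac" -v lvl="$lvl" '
    BEGIN {
      n = split("emerg alert crit err warning notice info debug", name, " ")
      for (i = 1; i <= n; i++) sev[name[i]] = i - 1   # 0 = most severe
      if (!(lvl in sev)) { print "unknown level: " lvl > "/dev/stderr"; exit 2 }
    }
    /^[ \t]*(#|$)/ { next }                           # comments, blank lines
    {
      hit = 0
      ns = split($1, sel, ";")
      for (s = 1; s <= ns; s++) {
        dot = index(sel[s], ".")
        nf = split(substr(sel[s], 1, dot - 1), f, ",")
        p = substr(sel[s], dot + 1)
        for (k = 1; k <= nf; k++)
          if (f[k] == "*" || f[k] == fac)
            hit = (p != "none") && (p == "*" || ((p in sev) && sev[lvl] <= sev[p]))
      }
      if (hit) print $2
    }
  ' "$@"
}

sample_conf | syslog_route auth notice   # example query
```

With this sample, an auth.notice message reaches four destinations, including the remote host `@hpdev`, so a collector reading only syslog.log would still see it, while mail messages never reach syslog.log.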
07-24-2002 12:03 PM