
Re: Syslog.conf

 
Global Server Operation
Frequent Advisor

Syslog.conf

I am asked by an audit to turn on the following logs. Can someone explain to me why some of these are, and how to turn them on? Some, like the local ones, I have not heard of or found on HP's website. Do we really need these turned on?

a. /var/adm/all/kern.log

b. /var/adm/all/user.log

c. /var/adm/all/mail.log

d. /var/adm/all/daemon.log

e. /var/adm/all/auth.log

f. /var/adm/all/syslog.log

g. /var/adm/all/lpr.log

h. /var/adm/all/news.log

i. /var/adm/all/uucp.log

j. /var/adm/all/cron.log

k. /var/adm/all/local0.log

l. /var/adm/all/local1.log

m. /var/adm/all/local2.log

n. /var/adm/all/local3.log

o. /var/adm/all/local4.log

p. /var/adm/all/local5.log

q. /var/adm/all/local6.log

r. /var/adm/all/local7.log

s. /etc/utmp

t. /etc/security/lastlog

u. /var/adm/wtmp

v. /var/adm/messages

w. /var/adm/syslog

x. /var/adm/acct

Patrick Wallek
Honored Contributor
Solution

Re: Syslog.conf

There is no /var/adm/all directory on HP-UX. It sounds like the auditor is trying to use a generic Unix document and apply it specifically to HP-UX. That ain't gonna work!

Mel Burslan
Honored Contributor

Re: Syslog.conf

What in the world is /var/adm/all directory anyway ? Have never seen or heard about this one at all.
________________________________
UNIX because I majored in cryptology...
Bill Hassell
Honored Contributor

Re: Syslog.conf

This is very likely a generic list from the auditor without a translation for HP-UX (or AIX or Solaris or Linux, etc. 'cause they're all different), mixed in with a bunch of customized files. Let's start with the standard HP-UX files in /var/adm:

syslog is called /var/adm/syslog/syslog.log
(I would leave it there even though you can change its name and location--other HP-UX professionals will have to go searching otherwise)


/var/adm/acct is NOT a file, it is a directory and only used with accounting turned on (not common)

/etc/security/lastlog is not a standard HP-UX file. The last and lastb commands read the special binary files wtmp and btmp in /var/adm. These files can also be decoded with fwtmp.

messages is often renamed to dmesg.log but you have to enable it yourself using cron, something like this:

00,10,20,30,40,50 * * * * dmesg - >> /var/adm/messages

kern user mail daemon syslog lpr news uucp local0 local1 local2 local3 local4 local5 local6 local7:
are known as syslog facilities and normally, these are all logged into the syslog file. But with (extensive) changes to /etc/syslog.conf, you can have syslogd split each facility into the different files shown above.

You can tell the auditors that all these facilities are enabled and hand them the /etc/syslog.conf file as proof.


Bill Hassell, sysadmin
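A small script that turns the "hand them /etc/syslog.conf as proof" advice above into a per-facility report, added here as an example for this thread (it is not HP-UX code and not from Bill's post). It reads a syslog.conf, applies the BSD-style selector rules HP-UX syslogd uses (facility[,facility].level entries separated by ";", "*" as the facility wildcard, ".none" to drop a facility from a line) and prints which of the auditor's facilities end up in which log file; anything routed only to a user, to "*", to @host or to /dev/console is not counted as a log file. The split-per-facility syslog.conf it builds is a constructed sample with illustrative paths under /var/adm/syslog/, and the script assumes one selector and one action per line.

```shell
#!/bin/sh
# audit_syslog_conf.sh -- show which syslog facilities a syslog.conf routes
# to which log files. Added example for this thread, not HP-UX code.
# Selector semantics modelled: facility[,facility...].level entries separated
# by ";", "*" as the facility wildcard, and ".none" to drop a facility from
# that line (BSD-style rules as used by HP-UX syslogd). Only actions that are
# absolute paths outside /dev count as log files; users, "*" and @host do not.
# Assumption: one selector and one action per line.

# The facilities from the auditor's list.
FACILITIES="kern user mail daemon auth syslog lpr news uucp cron local0 local1 local2 local3 local4 local5 local6 local7"

# facility_routes CONF -> lines of "facility<TAB>logfile"
facility_routes() {
    awk -v facs="$FACILITIES" '
    BEGIN { n = split(facs, F, " ") }
    /^[ \t]*#/ || /^[ \t]*$/ { next }          # skip comments and blank lines
    {
        sel = $1; action = $2
        if (action !~ /^\//) next               # not a file (user, "*", @host)
        if (action ~ /^\/dev\//) next           # console/tty, not a log file
        for (i = 1; i <= n; i++) logged[F[i]] = 0
        m = split(sel, parts, ";")              # later selectors override earlier ones
        for (p = 1; p <= m; p++) {
            split(parts[p], fl, "[.]")          # fl[1]=facility list, fl[2]=level
            on = (tolower(fl[2]) != "none")
            k = split(fl[1], names, ",")
            for (j = 1; j <= k; j++) {
                if (names[j] == "*") { for (i = 1; i <= n; i++) logged[F[i]] = on }
                else logged[names[j]] = on
            }
        }
        for (i = 1; i <= n; i++) if (logged[F[i]]) print F[i] "\t" action
    }' "$1"
}

# unlogged_facilities CONF -> facilities that reach no log file at all
unlogged_facilities() {
    routed=$(facility_routes "$1" | cut -f1 | sort -u)
    for f in $FACILITIES; do
        printf '%s\n' "$routed" | grep -qx "$f" || echo "$f"
    done
}

# sample_conf -> path of a constructed syslog.conf (not taken from any real
# system): mail, kern and auth split out, local0/local1 shared, the rest
# caught by the catch-all syslog.log line. Fields are tab separated, as
# syslogd requires.
sample_conf() {
    f=$(mktemp) || return 1
    printf '%s\t%s\n' \
        'mail.debug'                 '/var/adm/syslog/mail.log' \
        'kern.info'                  '/var/adm/syslog/kern.log' \
        'auth.info'                  '/var/adm/syslog/auth.log' \
        'local0,local1.info'         '/var/adm/syslog/local.log' \
        '*.info;mail.none;kern.none' '/var/adm/syslog/syslog.log' \
        '*.alert'                    '/dev/console' \
        '*.alert'                    'root' \
        '*.emerg'                    '*' > "$f"
    echo "$f"
}

# Against a real file: sh audit_syslog_conf.sh /etc/syslog.conf
# With no argument it audits the constructed sample above.
conf="${1:-$(sample_conf)}"
facility_routes "$conf"
echo "--- facilities with no log file ---"
unlogged_facilities "$conf"
```

On the sample, mail and kern each reach only their own file, auth and the locals reach their own file plus syslog.log, and the "facilities with no log file" section is empty, which is the report an auditor can check against the list in the question. Run it against a box whose syslog.conf only has the stock mail.debug line and the same section lists the 17 facilities that never hit disk.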
Global Server Operation
Frequent Advisor

Re: Syslog.conf

Thanks to all. This has really helped me a lot. I will assign points.