Re: Sending audit log info to syslog (803 Views)
Reply
Super Advisor
john guardian
Posts: 309
Registered: ‎09-26-2003
Message 1 of 2 (824 Views)

Sending audit log info to syslog

Can audit info be sent directly to syslog?

 

Goal is to get audit log info to a remote machine via system configuration rather than using a script.

 

Anyone?

 

Thx.

Occasional Advisor
Michael_Pelleti
Posts: 11
Registered: ‎06-28-2011
Message 2 of 2 (803 Views)

Re: Sending audit log info to syslog

The auditing operation and filtering is done inside the kernel, by necessity, so that sharply limits the ability of the auditing system to make use of non-kernel resources such as the syslog daemon.  There's also a significant performance issue involved - you wouldn't want each open() or read() system call to have to wait on a congested network connection, or hang your system because of a network outage, as it was trying to reach an unreachable syslog server.

 

I'd suggest a cron job to periodically run the audit_p2l script or something like it to deliver the accumulated audit information into syslog.

 

https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do%3FproductNumber%3DAuditExt

 

Audit Reporting Tools - A set of tools that facilitates the processing of previously collected HP-UX raw audit data and extracts useful information for compliance reporting purposes. The audit reporting tools consist of the following main components:

 

  • An Audit DPMS service module, audit_hpux_portable, that handles audit data that is portable from systems to systems, and good for retention purpose. Also a sample script, audit_p2l, that demonstrates how to convert the portable data into syslog-like messages.
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.