AIX

AIX

Connect with fellow AIX users and experts to gain knowledge, share insights, and solve problems.

 View Only
Back to discussions
Expand all | Collapse all

AIX audilt logs to a remote syslog server

  • 1.  AIX audilt logs to a remote syslog server

    Posted Wed December 02, 2009 07:38 AM

    Originally posted by: SystemAdmin


    Hi,

    I was able to forward AIX server logs /var/adm/messages to a remote syslogserver.

    I would like to know how to forward AIX audit logs.

    Please advice.


  • 2.  Re: AIX audilt logs to a remote syslog server

    Posted Wed December 02, 2009 10:20 AM

    Originally posted by: hdkutz


    Hello,
    just to clarify:
    What entries are in your /etc/syslog.conf?

    If I remember right, you could specify user.debug facility to put all Login Information to your Syslog-Server.

    If you want to put real AIX audit trails to syslog-Server, hmm thats difficult.
    Take a look a the Redbook:
    Accounting and Auditing on AIX 5L
    Maybe there you find an answer in doing this.

    By the way, accounting takes a lot of Performance. Are you really sure that you want this?

    Cheers,
    ku


  • 3.  Re: AIX audilt logs to a remote syslog server

    Posted Thu December 03, 2009 04:25 AM

    Originally posted by: SystemAdmin


    Hi,

    Thanks for the information.

    In Syslog config file added the following line:

    . @ hostname

    From user.debug can we get the information of password change event.

    --
    Thanks,
    Manik


Related Content