Originally posted by: zayadeen11

dears,

have a nice day ..

i am an information security officer at my company , one of my tasks is to monitor AIX servers logs and reports , but the problems is i dont know from where i can start and what report/logs shall i consider .

kindly advise .
#AIX-Forum

Originally posted by: blanckea

Hello,
If you are speaking about security related logs, you should start with the following :
http://www.ibm.com/support/docview.wss?uid=isg3T1000212
About auditing.
Regards
#AIX-Forum

Originally posted by: aarcee

Have a look at the "/etc/security/audit" folders. You can set your own events and objects and do the config's .

Start the audit using "audit start"
#AIX-Forum

Originally posted by: zayadeen11

thanks,

but can we use audit logs or any other options to do the following :

1- list of all users and their privileges.
2- failed attempts to systems.
3- users with last logins or accounts has bot been used for a long time .
4- users with FTP access.

regards
#AIX-Forum

Originally posted by: zayadeen11

thanks,

but can we use audit logs or any other options to do the following :

1- list of all users and their privileges.
2- failed attempts to systems.
3- users with last logins or accounts has bot been used for a long time .
4- users with FTP access.

regards
#AIX-Forum

Originally posted by: mmveiga

1- list of all users and their privileges.
lsuser ALL

2- failed attempts to systems.
who /etc/security/failedlogin

3- users with last logins or accounts has bot been used for a long time .
/etc/security/lastlog stores that information

4- users with FTP access.
Any user not listed on /etc/ftpusers

Marcelo.
#AIX-Forum

Originally posted by: DorukAksoy

which logs you want to see?
#AIX-Forum