Re: Program Logging.

From: contextswitch (mforte3_at_bloomberg.net)
Date: 05/14/04

    Date: 14 May 2004 07:10:45 -0700
    
    

    Thanks for the replies.
    What I have found so far:
    On Solaris, the BSM auditing tool provides everything all nice and neat.
    On AIX neither accounting nor auditing records args; the only thing that I
    have found to generate arg info is trace. Trace generates huge logs
    though, and does not provide a timestamp, GID or UID. I am attempting
    to parse trace logs and audit logs and correlate the two. Once I get
    that resolved I will look into HP-UX.
    I hope HP auditing/accounting is more flexible than AIX.

    Barry Margolin <barmar@alum.mit.edu> wrote in message news:<barmar-ED5C68.13134711052004@comcast.ash.giganews.com>...
    > In article <c7r0lt$c7s$1@e250.ripco.com>, comphelp@toddh.net (Todd H.)
    > wrote:
    >
    > > mforte3@bloomberg.net (contextswitch) writes:
    > >
    > > > I need to log UID GID EUID EGID program name,arguments, and time run
    > > > across Solaris, AIX and HP-UX platforms. For example, every time a
    > > > user or program runs rcp I need a log entry generated which includes
    > > > the above information.
    > > > root other root other ./rcp foo Thu May 06 16:34:53 2004
    > > > Are there any known tools which will accomplish this? Thanks.
    > >
    > > Have you looked into syslog? If your syslog logging level is
    > > sufficiently verbose, you may get the tracking you wish for free.
    > >
    > > There are several man pages available for syslog and its accompanying
    > > .conf file.
    > >
    > > Best Regards,
    >
    > Syslog only logs things that the applications send to it, and most
    > programs don't log anything (it's mostly used only by daemons).
    >
    > What the OP should look into is process accounting. However, I don't
    > think it typically logs arguments, just the process name, uid, and run
    > time.


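One way to do the correlation the poster describes, as an added example that is not from the thread or from any of the vendors' tools: it joins a constructed audit-style feed (identity and time, but no arguments) with a constructed trace-style feed (arguments, but no identity or timestamp) on PID and emits the line layout requested in the original post. The record formats, the PID as join key, and the id-to-name tables are all assumptions.

```python
import re
from datetime import datetime, timezone
# Constructed sample feeds (not real AIX output). The audit-style feed carries
# identity and time but no arguments; the trace-style feed carries argv but no
# identity or timestamp. PID is the assumed join key between them.
AUDIT_LINES = [
    "1083861293 pid=4121 uid=0 gid=1 euid=0 egid=1 cmd=./rcp",
    "1083861301 pid=4122 uid=1001 gid=100 euid=1001 egid=100 cmd=/usr/bin/ls",
    "1083861310 pid=4123 uid=0 gid=1 euid=0 egid=1 cmd=./rcp",
]
TRACE_LINES = [
    "pid=4121 exec argv=./rcp foo",
    "pid=4122 exec argv=/usr/bin/ls -l /etc",
    # pid 4123 has no trace record on purpose: its arguments were lost.
]
# Constructed id-to-name tables standing in for getpwuid/getgrgid lookups.
USERS = {0: "root", 1001: "alice"}
GROUPS = {1: "other", 100: "staff"}
AUDIT_RE = re.compile(r"^(\d+) pid=(\d+) uid=(\d+) gid=(\d+) euid=(\d+) egid=(\d+) cmd=(\S+)$")
TRACE_RE = re.compile(r"^pid=(\d+) exec argv=(.*)$")

def parse_audit(lines):
    """Map pid -> (epoch, uid, gid, euid, egid, cmd); unparseable lines are skipped."""
    out = {}
    for m in filter(None, map(AUDIT_RE.match, lines)):
        ts, pid, uid, gid, euid, egid, cmd = m.groups()
        out[int(pid)] = (int(ts), int(uid), int(gid), int(euid), int(egid), cmd)
    return out

def parse_trace(lines):
    """Map pid -> argv string; the trace feed is the only source of arguments."""
    return {int(m.group(1)): m.group(2) for m in filter(None, map(TRACE_RE.match, lines))}

def name(table, ident):
    """Resolve a numeric id to a name, keeping the number when it is unknown."""
    return table.get(ident, str(ident))

def correlate(audit_lines, trace_lines, program="rcp"):
    """Join both feeds on PID and emit one line per run of `program` in the
    layout the OP asked for: uid gid euid egid argv timestamp (UTC)."""
    audit, trace = parse_audit(audit_lines), parse_trace(trace_lines)
    entries = []
    for pid, (ts, uid, gid, euid, egid, cmd) in sorted(audit.items()):
        if cmd.rsplit("/", 1)[-1] != program:
            continue
        # Fall back to the bare command when trace never captured the argv.
        argv = trace.get(pid, cmd + " <argv not captured>")
        when = datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%a %b %d %H:%M:%S %Y")
        entries.append(" ".join([name(USERS, uid), name(GROUPS, gid), name(USERS, euid),
                                 name(GROUPS, egid), argv, when]))
    return entries
```

Running `correlate(AUDIT_LINES, TRACE_LINES)` yields one line per rcp run, with the run whose trace record is missing flagged rather than silently dropped.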