Re: How can I get an alert if someone views or changes syslog.
phn_at_icke-reklam.ipsec.nu
Date: 12/14/04
- Previous message: Bill Marcum: "Re: How can I get an alert if someone views or changes syslog."
- In reply to: Liam: "How can I get an alert if someone views or changes syslog."
- Next in thread: bostontechgroup: "Re: How can I get an alert if someone views or changes syslog."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 14 Dec 2004 20:40:24 +0000 (UTC)
Liam <liamhearne@hotmail.com> wrote:
> I need to be able to identify if an individual views, changes or tries
> to delete the syslog on an AIX or Solaris server.
> Is there anything freeware available to monitor & alert, or monitor &
> call something else (Tivoli) to alert.
> I know we could pick up on changes to the file, but I can't find
> anything that spots someome viewing it..
Why do you give the users authority to read or change the syslog files & directories
in the first place ? If you fill your machines with users you
don't trust and don't implement "normal admin precautions" - well
you got yourself into trouble.
As a last resort, direct syslogs to a different machine.
--
Peter Håkanson
IPSec Sverige ( At Gothenburg Riverside )
Sorry about my e-mail address, but i'm trying to keep spam out,
remove "icke-reklam" if you feel for mailing me. Thanx.
- Previous message: Bill Marcum: "Re: How can I get an alert if someone views or changes syslog."
- In reply to: Liam: "How can I get an alert if someone views or changes syslog."
- Next in thread: bostontechgroup: "Re: How can I get an alert if someone views or changes syslog."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
