
List:       syslog-ng
Subject:    [syslog-ng]Integrating Solaris BSM audit with syslog-ng
From:       Olivia Leonard <Olivia.Leonard () davy ! ie>
Date:       2004-03-23 10:22:46
Message-ID: 9BF54580E7ADD711BBAB00902793685173A30F () exchange ! davy ! ie

Hi

I am trying to set up a unified logging environment for Solaris, HP-UX and
Windows NT/2000 servers. The centralized logging and reporting server will
run syslog-ng and accept syslog messages (with an agent converter for
NT/2000) from all the servers on the network. I will then use swatch to
report against these logs, both near real-time for critical events and daily
reports for events which must be monitored but are not considered critical.

All Solaris boxes will be configured to use the Basic Security Module and audit
against events such as successful/failed logins, su and so on. Given that
the auditd writes its files in binary and a tool such as praudit must be
used to report against them, I was wondering if anyone knew of a way of
integrating this into syslog-ng, maybe by using local0-7, or if there is a
package out there that does this? We live in hope ......

Regards
Olivia









