AIX Logging Configurations

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
0
down vote

favorite












I would like monitor specific/target files and directories on AIX server by enabling audit on only those files and directories without enabling global file and directory auditing.



The specific files and directories contain critical information as payment data and configurations.



Actions required for auditing: file/directory access, content/name modifications and deletions.



File example (filename: outgoing_eft.txt): /data/outgoing_payments/outgoing_eft.txt



Directory example (directory name: incoming_payments): /data/incoming_payments/



Once audit is enabled, logs will be forwarded to QRadar SIEM via, say, syslog.



Question: How do I enable that specific/target file and directory audit?







share|improve this question





















  • High level (apologies for not creating an Answer yet); enable the audit system, create a rule for those files, then monitor the audit log for those events and syslog them along. www-01.ibm.com/support/docview.wss?uid=isg3T1000212
    – Jeff Schaller
    May 2 at 16:56














up vote
0
down vote

favorite












I would like monitor specific/target files and directories on AIX server by enabling audit on only those files and directories without enabling global file and directory auditing.



The specific files and directories contain critical information as payment data and configurations.



Actions required for auditing: file/directory access, content/name modifications and deletions.



File example (filename: outgoing_eft.txt): /data/outgoing_payments/outgoing_eft.txt



Directory example (directory name: incoming_payments): /data/incoming_payments/



Once audit is enabled, logs will be forwarded to QRadar SIEM via, say, syslog.



Question: How do I enable that specific/target file and directory audit?







share|improve this question





















  • High level (apologies for not creating an Answer yet); enable the audit system, create a rule for those files, then monitor the audit log for those events and syslog them along. www-01.ibm.com/support/docview.wss?uid=isg3T1000212
    – Jeff Schaller
    May 2 at 16:56












up vote
0
down vote

favorite









up vote
0
down vote

favorite











I would like monitor specific/target files and directories on AIX server by enabling audit on only those files and directories without enabling global file and directory auditing.



The specific files and directories contain critical information as payment data and configurations.



Actions required for auditing: file/directory access, content/name modifications and deletions.



File example (filename: outgoing_eft.txt): /data/outgoing_payments/outgoing_eft.txt



Directory example (directory name: incoming_payments): /data/incoming_payments/



Once audit is enabled, logs will be forwarded to QRadar SIEM via, say, syslog.



Question: How do I enable that specific/target file and directory audit?







share|improve this question













I would like monitor specific/target files and directories on AIX server by enabling audit on only those files and directories without enabling global file and directory auditing.



The specific files and directories contain critical information as payment data and configurations.



Actions required for auditing: file/directory access, content/name modifications and deletions.



File example (filename: outgoing_eft.txt): /data/outgoing_payments/outgoing_eft.txt



Directory example (directory name: incoming_payments): /data/incoming_payments/



Once audit is enabled, logs will be forwarded to QRadar SIEM via, say, syslog.



Question: How do I enable that specific/target file and directory audit?









share|improve this question












share|improve this question




share|improve this question








edited May 2 at 12:27









Jeff Schaller

31.1k846105




31.1k846105









asked May 2 at 12:25









K Korir

1




1











  • High level (apologies for not creating an Answer yet); enable the audit system, create a rule for those files, then monitor the audit log for those events and syslog them along. www-01.ibm.com/support/docview.wss?uid=isg3T1000212
    – Jeff Schaller
    May 2 at 16:56
















  • High level (apologies for not creating an Answer yet); enable the audit system, create a rule for those files, then monitor the audit log for those events and syslog them along. www-01.ibm.com/support/docview.wss?uid=isg3T1000212
    – Jeff Schaller
    May 2 at 16:56















High level (apologies for not creating an Answer yet); enable the audit system, create a rule for those files, then monitor the audit log for those events and syslog them along. www-01.ibm.com/support/docview.wss?uid=isg3T1000212
– Jeff Schaller
May 2 at 16:56




High level (apologies for not creating an Answer yet); enable the audit system, create a rule for those files, then monitor the audit log for those events and syslog them along. www-01.ibm.com/support/docview.wss?uid=isg3T1000212
– Jeff Schaller
May 2 at 16:56















active

oldest

votes











Your Answer







StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "106"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
convertImagesToLinks: false,
noModals: false,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);








 

draft saved


draft discarded


















StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f441311%2faix-logging-configurations%23new-answer', 'question_page');

);

Post as a guest



































active

oldest

votes













active

oldest

votes









active

oldest

votes






active

oldest

votes










 

draft saved


draft discarded


























 


draft saved


draft discarded














StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f441311%2faix-logging-configurations%23new-answer', 'question_page');

);

Post as a guest













































































Popular posts from this blog

How to check contact read email or not when send email to Individual?

Displaying single band from multi-band raster using QGIS

How many registers does an x86_64 CPU actually have?