AIX Logging Configurations
I would like to monitor specific/target files and directories on an AIX server by enabling audit on only those files and directories without enabling global file and directory auditing.
The specific files and directories contain critical information such as payment data and configurations.
Actions required for auditing: file/directory access, content/name modifications and deletions.
File example (filename: outgoing_eft.txt): /data/outgoing_payments/outgoing_eft.txt
Directory example (directory name: incoming_payments): /data/incoming_payments/
Once audit is enabled, logs will be forwarded to QRadar SIEM via, say, syslog.
Question: How do I enable that specific/target file and directory audit?
logs aix syslog audit
edited May 2 at 12:27 by Jeff Schaller
asked May 2 at 12:25 by K Korir
High level (apologies for not creating an Answer yet); enable the audit system, create a rule for those files, then monitor the audit log for those events and syslog them along. www-01.ibm.com/support/docview.wss?uid=isg3T1000212
– Jeff Schaller
May 2 at 16:56
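The three steps in the comment above (enable auditing, add a rule for the file, pass events to syslog), sketched as AIX audit configuration for the file named in the question. This is an added example, not part of the original thread; the event names PAY_EFT_Read and PAY_EFT_Write, the local0 facility, the aixaudit tag and the host qradar.example.internal are assumptions, and the lines starting with `*` are comments and section markers.

```conf
* --- /etc/security/audit/objects: per-file object auditing (added stanza) ---
* PAY_EFT_Read / PAY_EFT_Write are hypothetical event names (15 chars max).
/data/outgoing_payments/outgoing_eft.txt:
        r = "PAY_EFT_Read"
        w = "PAY_EFT_Write"

* --- /etc/security/audit/events: add under the existing auditpr: stanza ---
* The format string tells auditpr how to print each event's tail.
auditpr:
        PAY_EFT_Read = printf "%s"
        PAY_EFT_Write = printf "%s"

* --- /etc/security/audit/config: stream mode, so events can be piped out ---
start:
        binmode = off
        streammode = on

stream:
        cmds = /etc/security/audit/streamcmds

* --- /etc/security/audit/streamcmds: pipeline launched by "audit start" ---
/usr/sbin/auditstream | /usr/sbin/auditpr -v | /usr/bin/logger -p local0.notice -t aixaudit &

* --- /etc/syslog.conf: forward the chosen facility to the SIEM ---
* qradar.example.internal is a placeholder; local0 is assumed to be unused.
local0.notice   @qradar.example.internal

* --- apply as root ---
*   audit shutdown; audit start
*   refresh -s syslogd
```

Object stanzas fire on read and write access to the listed file. Deletions and renames are reported as the kernel events FILE_Unlink and FILE_Rename, which are selected through audit classes assigned to users rather than through the objects file.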