[logs] Unix privileged access logging
James B Horwath
Jim_Horwath at glic.com
Thu May 17 08:35:08 PDT 2007
Paul:
Thanks a bunch, this worked very well - and it's cost effective.
Regards,
Jim
"Paul Melson" <pmelson at gmail.com>
05/17/2007 09:40 AM
To: "'James B Horwath'" <Jim_Horwath at glic.com>, <loganalysis at loganalysis.org>
cc:
Subject: RE: [logs] Unix privileged access logging
> One of the items I am struggling with right now is logging Unix privileged
> commands (add/deletes/etc).
> On some flavors of Unix administrative actions are available via menus as
> well as the command line.
> The command menus provide no method for syslog integration and the menus
> provide a convenient tool for staff. The native audit subsystem produces
> such a large volume of data, parsing said data is not practical. Although
> sudo logs all administrative access, it seems many admins lack the
> discipline to use sudo on a routine basis other than to sudo su -.
> Are there any tool recommendations?
I think your best bet is to log shell commands for the root user to syslog.
Check out:
http://blogs.sun.com/chrisg/entry/logging_commands_in_korn_shell
PaulM
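
One way to do what Paul suggests, as an added example that is not part of the original thread and is not the method from the linked blog post: a bash hook for root's ~/.bashrc that sends each interactive command to syslog with logger(1). The auth.notice priority, the rootsh tag and the function and variable names are assumptions.

```shell
# Added example: source from root's ~/.bashrc (bash only).
# Priority and tag are assumed values; route them in your syslog config.
AUDIT_PRIORITY=auth.notice
AUDIT_TAG=rootsh

# Build one log line. Control characters are flattened or dropped so a
# multi-line command cannot inject a forged second record.
audit_format() {   # $1=login user  $2=tty  $3=cwd  $4=command
    local cmd
    cmd=$(printf '%s' "$4" | tr '\n\r\t' '   ' | tr -d '\000-\037\177')
    printf 'user=%s tty=%s cwd=%s cmd=%s' "$1" "$2" "$3" "$cmd"
}

# Runs before each prompt: send the newest history entry to syslog once.
audit_log_last() {
    local entry cmd
    entry=$(HISTTIMEFORMAT='' history 1)
    # The first call only records where history stands, so the previous
    # session's last command is not logged again.
    if [ -z "${AUDIT_PRIMED:-}" ]; then
        AUDIT_PRIMED=1; AUDIT_LAST=$entry; return 0
    fi
    # An unchanged entry means the user just pressed Enter.
    if [ -z "$entry" ] || [ "$entry" = "$AUDIT_LAST" ]; then return 0; fi
    AUDIT_LAST=$entry
    # Strip the leading history number (and the "*" modified marker).
    cmd=$(printf '%s' "$entry" | sed '1s/^ *[0-9]*\*\{0,1\} *//')
    # logname reports the original login, which survives "sudo su -".
    logger -p "$AUDIT_PRIORITY" -t "$AUDIT_TAG" \
        "$(audit_format "$(logname 2>/dev/null || echo unknown)" \
                        "$(tty 2>/dev/null)" "$PWD" "$cmd")"
}

# Install only in interactive root shells.
case $- in
    *i*) if [ "$(id -u)" -eq 0 ]; then
             PROMPT_COMMAND=audit_log_last
             readonly PROMPT_COMMAND
         fi ;;
esac
```

Commands run from the administrative menus, from scripts or from a shell that does not source this file never reach the hook, so forward the messages to a remote loghost and treat them as an activity record rather than a tamper-proof audit trail.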