Auditd is the userland piece of the RHEL audit tool suite. When it's up and running, audit messages sent by the kernel will be written to the log files that you have configured. By default, only a small and limited number of messages will be picked up by Auditd; these are mostly messages related to authentication and authorization.
syslog
RHEL6: Using Advanced Log File Filtering in Rsyslog
So by default, when you forward logs to a syslog/rsyslog server, all the logs end up in the same file (usually configured to go to the messages file). Sometimes one may prefer to forward logs from a particular server to a separate logfile. I know for a fact that my sometimes friends in our info-sec group prefer this setup.
Sudosh Make Me a Sandwich: Install and Configure Sudosh in Solaris 9/10
Welcome to the way-back machine again. This time we are going to take a look at installing and configuring sudosh on Solaris with the purpose of using sudosh as a replacement for sudo (at least sudo to root). Using sudosh in this manner allows us to still allow users to become root, but also allows us to track each and every command that they run once they become root.
Configuring Remote Syslog in ESXi 4.1 via the Linux RCLI
First thing you need to know about ESXi is that it rolls its log after a reboot, meaning if your ESXi server crashes there will be no logs to review and no way of knowing what went to hell and where. For this reason it is imperative that you set up a remote syslog server and …