[syslog-ng]Integrating Solaris BSM audit with syslog-ng

Olivia Leonard syslog-ng@lists.balabit.hu
Tue, 23 Mar 2004 10:22:46 -0000


Hi

I am trying to set up a unified logging environment for Solaris, HP-UX and
Windows NT/2000 servers. The centralized logging and reporting server will
run syslog-ng and accept syslog messages (with an agent converter for
NT/2000) from all the servers on the network. I will then use swatch to
report against these logs, both near real-time for critical events and daily
reports for events which must be monitored but are not considered critical.

All Solaris boxes will be configured to use the Basic Security Module and audit
against events such as successful/failed logins, su and so on. Given that
the auditd writes its files in binary and a tool such as praudit must be
used to report against them, I was wondering if anyone knew of a way of
integrating this into syslog-ng, maybe by using local0-7, or whether there is a
package out there that does this? We live in hope ......

Regards
Olivia







