Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
IBMAIX
Last Modified: Tuesday, June 02, 2015
Event Source (Device) Product Information
Vendor IBM
Event Source (Device) AIX
Supported Versions 5L (Security and Authentication messages only), 6.1, 7.1
RSA Product Information
Supported Version RSA enVision 4.1
Event Source (Device) Type aix, 24
Collection Method Syslog, Syslog NG
Event Source (Device) Class.Subclass Host.UNIX
Content 2.0 Table UNIX
Note: To use IBM AIX 6.1 or later, you must upgrade to Content 2.0.
This document contains the following information for the IBM AIX event source:
l Configuration Instructions
l Release Notes 20150602-231135
l Release Notes 20150331-142850
l Release Notes 20140912-084326
l Release Notes 20140722-160727
Note: For IBM AIX 5L, the RSA enVision appliance only supports the Security and Authentication
messages.
Important: Do not use the -n flag when starting the syslogd daemon. This flag suppresses logging of
priority and facility information for each log message. If this flag is used, the enVision appliance cannot
recognize AIXmessages.
2 IBMAIX
RSAEvent Source
Note: This step is optional. Only perform these tasks if you want to track the changes to the syslog.conf
file.
w = "SYSLOG_WRITE"
Note: The tag "SYSLOG_WRITE" must be copied exactly. No other tags will be
parsed.
d. In the Users section, define the users to monitor for the audit events. For example,
root = general
name = general
a. After the query runs, at the beginning of the output, confirm this line.
auditing on
bin processing off
w = SYSLOG_WRITE
9. If you do not observe logs in real time, you must shut down the audit system and start it again by
running these commands.
a. Shut down the audit system.
/usr/sbin/audit shutdown