IBM AIX Auditing and Real-Time Monitoring Overview
The IBM AIX Knowledge Pack expands the auditing and reporting capabilities of InTrust to IBM AIX. The Knowledge Pack enables InTrust to work with the AIX syslog, text logs of any format, and the AIX audit log.
The following table shows what you can audit and monitor on AIX:

| Event source | Auditing | Real-time monitoring |
|---|---|---|
| Syslog messages | Yes | Yes |
| Text logs of any format | Yes | No |
| Configuration file modification | Yes | Yes |
| AIX audit logs | Yes | No |
Setup
Requirements
For details about IBM AIX versions compatible with the InTrust Knowledge Pack for IBM AIX, see IBM AIX Events.
Installation
To enable AIX support in InTrust, the AIX Knowledge Pack must be installed on the InTrust server.
The Knowledge Pack is installed as part of the main InTrust installation. The following objects are included:
- Data sources:
  - AIX Audit Log
  - AIX Syslog
  - AIX Accounts Monitoring
  - AIX Text Files Monitoring
- Gathering policies:
  - AIX: Common Security Events
  - AIX: All Syslog Messages
  - AIX: Accounts monitoring
  - AIX: Text files monitoring
  - AIX: All Events from Audit Log
  - AIX: filesystem events from Audit Log
  - AIX: logins/logouts from Audit Log
  - AIX: process execution events from Audit Log
  - AIX: system object events from Audit Log
- Import policies:
  - AIX: Common Security Events
  - AIX: All Syslog Messages
  - AIX: Accounts monitoring
  - AIX: Text files monitoring
  - AIX: All Events from Audit Log
  - AIX: filesystem events from Audit Log
  - AIX: logins/logouts from Audit Log
  - AIX: process execution events from Audit Log
  - AIX: system object events from Audit Log
- Consolidation policies:
  - AIX logs consolidation
  - AIX logs consolidation for the last month
- Tasks:
  - AIX logs—daily collection
  - AIX configuration changes daily collection
  - AIX weekly reporting
- “AIX hosts” site
- “AIX: security” real-time monitoring policy
- Reports:
  - AIX login statistics
  - AIX successful logins
  - AIX su activity
  - AIX failed login attempts
  - AIX multiple failed login attempts
  - All AIX syslog events
  - AIX User management
  - AIX Group management
  - AIX Group membership management
  - AIX Configuration files modifications
  - AIX File Permission Changes
  - AIX Password Changes
  - AIX Reboots
- Rules:
  - ‘su root’ succeeded
  - Multiple failed logins
  - Login authentication failed
  - Failed ‘su’ attempt
  - Successful login by root
  - User account created
  - User account removed
  - Group created
  - Group removed
  - User added to the group
  - User removed from the group
  - Syslog.conf file modified
  - Text file modified
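The real-time monitoring rules listed above (for example “Multiple failed logins”, “Login authentication failed”, “Failed ‘su’ attempt”, “‘su root’ succeeded” and “Successful login by root”) are evaluated by InTrust against syslog messages as they arrive. The following Python script is an added illustration of the kind of logic such rules implement; it is not InTrust's own rule code and does not reproduce its rule language. The log lines, the message wording they use, the `threshold`/`window` parameters and all function names are constructed for this example and are not verbatim AIX syslog output.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in a generic syslog layout (timestamp, host,
# program, message). The message wording is illustrative, not real AIX output.
SAMPLE_LOG = """\
Mar  3 10:00:01 aixhost auth: Failed login for user alice from 10.0.0.5
Mar  3 10:00:09 aixhost auth: Failed login for user alice from 10.0.0.5
Mar  3 10:00:20 aixhost auth: Failed login for user alice from 10.0.0.5
Mar  3 10:03:00 aixhost auth: Failed login for user carol from 10.0.0.7
Mar  3 10:05:00 aixhost su: BAD SU bob to root on /dev/pts/1
Mar  3 10:06:00 aixhost su: bob to root on /dev/pts/1
Mar  3 10:07:00 aixhost auth: Login succeeded for user root from 10.0.0.9
Mar  3 10:08:00 aixhost auth: Login succeeded for user alice from 10.0.0.5
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<prog>[^:]+): (?P<msg>.*)$"
)
FAILED_LOGIN_RE = re.compile(r"Failed login for user (?P<user>\S+)")
LOGIN_OK_RE = re.compile(r"Login succeeded for user (?P<user>\S+)")
# "BAD SU <src> to <dst>" marks a failed switch; "<src> to <dst>" a successful one.
SU_RE = re.compile(r"^(?P<bad>BAD SU )?(?P<src>\S+) to (?P<dst>\S+)")


def parse_line(line):
    """Split one syslog line into timestamp, host, program and message."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # No year in the classic syslog timestamp; strptime defaults it to 1900,
    # which is fine for ordering events within one capture.
    ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")
    return {"ts": ts, "host": m["host"], "prog": m["prog"], "msg": m["msg"]}


def evaluate_rules(log_text, threshold=3, window=timedelta(minutes=5)):
    """Return a list of (rule name, detail) alerts raised over the log text.

    The rule names mirror the Knowledge Pack's real-time monitoring rules;
    the matching logic is this example's own.
    """
    alerts = []
    failures = defaultdict(deque)  # user -> timestamps of recent failures
    for raw in log_text.splitlines():
        ev = parse_line(raw)
        if ev is None:
            continue  # unparsable line: skip rather than fail the whole run
        msg = ev["msg"]

        m = FAILED_LOGIN_RE.search(msg)
        if m:
            alerts.append(("Login authentication failed", msg))
            q = failures[m["user"]]
            q.append(ev["ts"])
            # Drop failures that fell out of the sliding window.
            while q and ev["ts"] - q[0] > window:
                q.popleft()
            if len(q) >= threshold:
                alerts.append(("Multiple failed logins",
                               f"{m['user']}: {len(q)} failures within {window}"))
                q.clear()  # one alert per burst, then start counting again
            continue

        m = LOGIN_OK_RE.search(msg)
        if m:
            if m["user"] == "root":
                alerts.append(("Successful login by root", msg))
            continue

        if ev["prog"] == "su":
            m = SU_RE.match(msg)
            if m and m["bad"]:
                alerts.append(("Failed 'su' attempt", msg))
            elif m and m["dst"] == "root":
                alerts.append(("'su root' succeeded", msg))
    return alerts


if __name__ == "__main__":
    for rule, detail in evaluate_rules(SAMPLE_LOG):
        print(f"[{rule}] {detail}")
```

On the constructed sample the script raises four “Login authentication failed” alerts, one “Multiple failed logins” alert for `alice` (three failures inside the five-minute window; `carol`'s single failure stays below the threshold), one failed and one successful `su` to root, and one root login. The sliding window is the part worth adapting when tuning a rule of this kind: too short a window misses slow attempts, too long one raises noise for users who simply mistype a password a few times over a day.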
To install the Knowledge Pack, launch its setup package on the InTrust server.