Hi,
I asked if it is possible to change the logging format of the
/var/adm/sialog file. The simple answer is no. Use auditd to audit
events instead.
Thanks to Spider Boardman <spider_at_Orb.Nashua.NH.US> for the information.
His reply is attached below.
Leon
-------------
Leon Troeth
lanks_at_yoyo.cc.monash.edu.au
http://www-personal.monash.edu.au/~lanks/
> No, what you want isn't possible. The /var/adm/sialog file is
> for debugging purposes only, and only logs what the developer SIA
> wanted to see. The approved method of finding that information
> is to run auditd (see /usr/sbin/audit_setup) with an event list
> which includes the various "trusted events". This is most easily
> done by telling audit_setup that you want to give the auditable
> events on the command line (done by answering "*" when it asks
> for the name of the file) and listing only "trusted_event" as the
> command-line list of events. (Other auditable events may also be
> of interest, but you need to balance what you audit with how much
> disk space you can afford to have the audit logs occupy.)
Received on Sat Nov 01 1997 - 18:21:24 NZDT