Besides compiling the log, the log routing facility can also send notifications to the host's display screen, to an email address, or to other destinations. You can base notifications on information from your station's own audit log or from logs that the collector daemon has brought to your station.
To set up such notifications, you need to use the log routing configuration file and a selang command. For example, suppose you want to notify the user John whenever a setuid request to user root is successfully made.
chres SURROGATE USER.root notify(John)
This chres command specifies that each time someone surrogates to user root, a special audit log record is created, and the seosd daemon is to notify the user named John. The daemon also creates a special kind of audit record called a notification record.
Rule2 notify default .
This line causes the log routing emitter to create a mail message for the notification audit record.
Note: For more information about the configuration file format and setting up the log routing daemons, see the Reference Guide.
Copyright © 2013 CA Technologies.
All rights reserved.