Configuring AIX Syslog

AIX servers automatically generate events that are stored in the syslog. You can use the stored security audit events to audit the AIX/UNIX server using the Event Manager “out-of-the-box” security template.

To audit AIX Syslog records you need to modify the hosts file and the syslog configuration file.

  1. Set the IP address of the server running the Event Manager Monitoring Node in the hosts file, located at /etc/hosts. Add the following entry to the hosts file:

IP Address serverhelpsystems

For example:

192.168.0.5 serverhelpsystems

  2. Indicate which messages should be sent to ThinkServer by adding the following lines to the syslog configuration file, located at /etc/syslog.conf:

*.info @serverhelpsystems
*.alert @serverhelpsystems
*.notice @serverhelpsystems
*.debug @serverhelpsystems
*.err @serverhelpsystems
*.crit @serverhelpsystems
*.emerg @serverhelpsystems

This tells the AIX server where to send each message type.

NOTE: The value @serverhelpsystems must be defined in the hosts file as described in step 1.

NOTE: Unlike Linux, AIX does not support the *.* selector, so each priority must be listed separately.

  3. Refresh the syslog daemon using the following commands:

stopsrc -s syslogd
startsrc -s syslogd

TIP: To stop and start in a single command, use refresh -s syslogd.

Once you have completed these steps, all syslog records are sent to the IP address defined in step 1. The machine named serverhelpsystems, where Event Manager is installed, runs the "out-of-the-box" security template, which reads the AIX information from the received syslog records and stores it in the Event Manager database.
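The following script is an added verification example, not part of the HelpSystems documentation or product. It assumes the alias serverhelpsystems from step 1 and checks, on constructed sample files, that the hosts entry and all seven selectors from step 2 are present before the daemon is refreshed in step 3.

```shell
#!/bin/sh
# Added example, not from the HelpSystems page: checks that the hosts entry
# and all seven syslog.conf selectors from the steps above are in place
# before syslogd is refreshed. Assumes the collector alias is
# "serverhelpsystems"; the sample files below are constructed, not real.

REQUIRED_PRIORITIES="info alert notice debug err crit emerg"

# check_hosts_entry FILE ALIAS: succeeds if ALIAS maps to an IPv4 address.
check_hosts_entry() {
    sed 's/#.*//' "$1" | awk -v a="$2" '
        NF >= 2 && $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
            for (i = 2; i <= NF; i++) if ($i == a) found = 1
        }
        END { exit found ? 0 : 1 }'
}

# missing_selectors FILE ALIAS: prints every *.<priority> selector that does
# not forward to @ALIAS (AIX has no *.*, so each one must be listed);
# succeeds only when nothing is missing.
missing_selectors() {
    missing=""
    for p in $REQUIRED_PRIORITIES; do
        if ! sed 's/#.*//' "$1" |
             grep -Eq "^\*\.${p}[[:space:]]+@${2}([[:space:]]|$)"; then
            missing="${missing:+$missing }*.$p"
        fi
    done
    [ -z "$missing" ] || { echo "$missing"; return 1; }
}

# Stand-alone demo on constructed files (five selectors deliberately missing).
demo() {
    tmp="${TMPDIR:-/tmp}/aixsyslog.$$"
    mkdir -p "$tmp"
    printf '127.0.0.1 loopback\n192.168.0.5 serverhelpsystems\n' > "$tmp/hosts"
    printf '*.info\t@serverhelpsystems\n*.err\t@serverhelpsystems\n' > "$tmp/syslog.conf"
    check_hosts_entry "$tmp/hosts" serverhelpsystems \
        && echo "hosts entry OK" || echo "hosts entry MISSING"
    if m=$(missing_selectors "$tmp/syslog.conf" serverhelpsystems); then
        echo "all selectors present"
    else
        echo "add these selectors: $m"
    fi
    rm -rf "$tmp"
}

demo
```

Run it against the real /etc/hosts and /etc/syslog.conf by calling the two functions with those paths instead of the constructed files.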