File Notifications

In addition to compiling the log, the log routing facility can send notifications to the display screen of the host, to an email address, or to other destinations. You can base notifications on information from your station's own audit log or from logs that the collector daemon has brought to your station.
To set up such notifications, use the log routing configuration file and a selang command.

Example: Notify the user John whenever a setuid request to the user root is successfully made.
  1. Issue the following selang command:
    chres SURROGATE USER.root notify(John)
    This chres command specifies that each time someone surrogates user to root, a special audit log record is created, and the seosd daemon is to notify the user named John. The daemon also creates a special audit record that is named a notification record.
  2. Once you have specified notification for one or more resources, you can add the following three lines to the log routing configuration file.
    Rule2
    notify default
    .
    This line causes the log routing emitter to create a mail message for the notification audit record.
    For more information about the configuration file format and setting up the log routing daemons, see the Reference Guide.