File Notifications
Besides compiling the log, the log routing facility can also send notifications to the host's display screen, to an email address, or to other destinations. You can base notifications on information from your station's own audit log or from logs that the collector daemon has brought to your station.
To set up such notifications, you need to use the log routing configuration file and a selang command. For example, suppose you want to notify the user John whenever a setuid request to user root is successfully made.
- Issue the following selang command:
    chres SURROGATE USER.root notify(John)
  This chres command specifies that each time someone surrogates user to root, a special audit log record is created, and the seosd daemon is to notify the user named John. The daemon also creates a special kind of audit record called a notification record.
- Once you have specified notification for one or more resources, you can add the following three lines to the log routing configuration file.
    Rule2
    notify default
    .
  This line causes the log routing emitter to create a mail message for the notification audit record.
For more information about the configuration file format and setting up the log routing daemons, see the Reference Guide.