Auditing Linux agent Problem


Hello Experts,

I have problems related to the auditor. I have managed to connect the
linux agents but the problem is that the activity done on the agent that
are accepted or rejected by the server are not showing on the compliance
auditor. The activity log of the Linux host can be viewed in the hosts
view log but the activity is not shown in the auditor. I can view the
windows agents commands on the auditor.
Any help regarding linux agent auditor would be appreciated.

Regard,
Asim


--
asimkhalid
------------------------------------------------------------------------
asimkhalid's Profile: https://forums.netiq.com/member.php?userid=3169
View this thread: https://forums.netiq.com/showthread.php?t=46280


  • Sounds like you can see the audit data in 'Reporting'. There are 2
    components to PUM.
    Reporting (all audit data) and
    Compliance Auditor (a subset of Reporting, that is pulled into the
    Compliance auditor based on custom rules.)

    As an example, say I have 100 events in a day. In Reporting, it should
    show all 100 events -whether those events were authorized or not
    authorized or session captured or not session captured.

    However for Compliance Auditor, you have to create rules to pull in
    events from Reporting. To do this, go to Home | Compliance Auditor |
    from the left Nav, Audit Rules.

    You can create rules that pull in events based on your criteria, such as
    pull in 5 events, Daily, then the Run Host equals a certain host. You
    can create multiple rules based on your criteria (aka Filter).

    Remember:
    Compliance Auditor was meant to pull in events for a spot check by a
    manager/auditor.
    Reporting was meant to show all audit data.


    --
    deni
    ------------------------------------------------------------------------
    deni's Profile: https://forums.netiq.com/member.php?userid=1793
    View this thread: https://forums.netiq.com/showthread.php?t=46280