Verified Answers

If an answer to your question is correct, click on "Verify Answer" under the "More" button. The answer will now appear with a checkmark. Please be sure to always mark answers that resolve your issue as verified. Your fellow Community members will appreciate it!  Learn more

  • State Verified Answer
  • Replies reply
    1
  • Subscribers subscribers
    165
  • Views views
    355
  • Users 0 members are here
  • Locked Locked
Related
Options
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SA audit: how to check if syslog or rsyslog active

SweeAun
 

Hi,

A client unix environment needs to ensure that either syslog or rsyslog is active.

SA Audit can be use to check their respective log file or running service - but this means 2 different audit policies. Since either one runs, one will be compliant and one will be non-compliant .

Question:
Any best practise on check if either syslog or rsyslog is active, and show compliance if either one is active.

Any suggestion or input welcomed.

Thank you.

sweeaun.lim@microfocus.com

ITOM PreSales, Singapore

  • Verified Answer

    0  

    Create your own custom script rule and run some shell script checking the exit code - if neither pass you get a return code of 1.
    I'm assuming here that each has its own configuration file.  I'm guessing, the files are not important, only how it's accomplished.

    test -f /etc/sysconfig/rsyslog || test -f /etc/sysconfig/syslog

    The success criteria for this script is exit code 0.

Resources

Support
Documentation
Learning Services
Partner Programs
Privacy
Compliance
Help
Company
Privacy Policy
Terms of Use
Accessibility
Anti-Slavery Statement
Support
Contact Us
Careers
Code of Business Conduct and Ethics
The opinions expressed above are the personal opinions of the authors, not of OpenText. By using this site, you accept the Terms of Use. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.), Hewlett Packard Enterprise Company, or Micro Focus. As of January 31, 2023, the Material is now offered by OpenText, a separately owned and operated company. Any reference to the HP, Hewlett Packard Enterprise/HPE, and Micro Focus marks is historical in nature and the HP, Hewlett Packard Enterprise/HPE, and Micro Focus marks are the property of their respective owners.