
Difference between Audit and Unix logs

Hi Team,

When I run deviceVendor=Unix I am seeing both Unix and Audit logs from the deviceProduct field (i.e. deviceProduct="Unix" and deviceProduct="Audit").

1) Please let me know what "Audit" logs are and what "Unix" logs are.

2) Suppose I want to know a server's reporting status to "ArcSight"; which logs do we need to refer to (deviceProduct="Unix" or deviceProduct="Audit")?

3) From some of the servers I am not seeing Audit logs. How do we get these audit logs? Do we need to enable these audit logs manually on the server? If yes, please provide me the steps.

4) Whenever I see Audit logs, I see the deviceHostName field with the FQDN name (ex: abc.com). If I refer to Unix logs, I see the deviceHostName field without the FQDN name (ex: abc).

5) As per the above point, which one is the correct format (with domain name or without domain name)?

6) Whenever I see the Audit logs, I get the deviceAddress field. But in Unix logs I am not seeing the deviceAddress field. To get deviceAddress in both cases, what needs to be done on the server end?


Ramu Bollu
