Anonymous_User Absent Member.
Absent Member.

Script not working

We are trying to use sample "Log Originating Host in Auditing" but this
is not getting logged in HPUX & Redhat Linux but getting properly
updated in AIX. Also, when I am attaching this script with any rule,
command executes according to rule but no audit log is getting updated
in PUM reports.

Not sure, whats the issue with HPUX & Redhat. Do we need any perl module
on HPUX & Redhat for this?


rajeshemailto's Profile:
View this thread:

1 Reply
Anonymous_User Absent Member.
Absent Member.

Re: Script not working

I'm assuming you are meaning 'Log Originating Host IP Address in
Auditing' sample rule included in within PUM.

I did a very simple rule to test:

Begin Rule: test
If ((command IN pcksh))
Set Authorize: yes
Set Session Capture: yes
Run Script: Log Originating Host IP Adress in Auditing()
Stop if authorized
End If
End Rule: test

I tested this on the following hosts and they worked just fine for me:

SLES 11SP2 64bit
AIX 5.3
RedHat 5.6 6bit
HPUX 11.11

Each time, I went into the GUI | Reporting and under the host column, it
showed me the host as well as the IP/DNS name of the originiating host.

I'd start by looking in the unifid.log on the agent to see if there are
any errors related to the script. Next I would look in the Command
Control Manager unifid.log for errors.

- Brett

deni's Profile:
View this thread:

The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.