syslogd: audit files and commands

Hello, I configured my FreeBSD 7.1 box to send logs to a central syslog server.

It works fine. I want to show created and deleted files, and also all executed commands.

I enabled all log types:
*.emerg @syslog_server
*.alert @syslog_server
*.crit @syslog_server
*.err @syslog_server
*.warning @syslog_server
*.notice @syslog_server
*.info @syslog_server
*.debug @syslog_server
*.none @syslog_server

Is it possible without installing additional packages?
 
Maybe, but first read the warning:
Warning: It is easy to produce audit event feedback cycles, in which the viewing of each audit event results in the generation of more audit events. For example, if all network I/O is audited, and praudit(1) is run from an SSH session, then a continuous stream of audit events will be generated at a high rate, as each event being printed will generate another event. It is advisable to run praudit on an audit pipe device from sessions without fine-grained I/O auditing in order to avoid this happening.
Origin: Handbook

You can then try:
praudit /dev/auditpipe | logger

Though I think you should carefully filter this output for what's really important.
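
One way to do the filtering suggested in the reply above (an added example, not part of either post): an awk filter over `praudit -l` one-line records that keeps only command executions and file creations/deletions before they reach `logger`. The record layout and the sample records are constructed assumptions, and `filter_audit` and `sample_records` are hypothetical names.

```shell
# Added example. Assumes praudit -l records of the form
# header,<len>,<ver>,<event>,<mod>,<date>,<msec>,...,subject,<user>,...,return,<status>,...
# Values that contain commas or token names (e.g. an argument "path") will confuse it.
filter_audit() {
    awk -F, '
    # Keep exec and file create/delete events only. open(2) variants carry
    # a comma inside the event name, so match against the whole line.
    !/^header,[0-9]+,[0-9]+,(execve|unlink|rmdir|mkdir)\(2\),/ &&
    !/^header,[0-9]+,[0-9]+,open\(2\) - [a-z,]*creat/ { next }
    {
        event = $4; user = "?"; path = "?"; status = "?"
        if (event ~ /^open/) event = "open(2)+creat"
        for (i = 5; i < NF; i++) {
            if ($i == "subject" && user == "?") user = $(i + 1)
            else if ($i == "path") path = $(i + 1)       # last path token wins
            else if ($i == "return") status = $(i + 1)
        }
        printf "audit event=%s user=%s path=%s result=%s\n", event, user, path, status
        fflush()    # do not hold events back in the pipe buffer
    }'
}

# Constructed sample records (not captured from a real system).
sample_records() {
    cat <<'EOF'
header,120,10,execve(2),0,Tue Mar  3 10:15:01 2009, + 212 msec,exec arg,ls,-l,/tmp,path,/bin/ls,attribute,555,root,wheel,90,1234,5678,subject,alice,alice,users,alice,users,4021,4021,22,192.0.2.10,return,success,0,trailer,120
header,98,10,unlink(2),0,Tue Mar  3 10:15:07 2009, + 40 msec,path,/tmp/report.txt,subject,bob,bob,users,bob,users,4100,4100,22,192.0.2.11,return,success,0,trailer,98
header,104,10,open(2) - write,creat,0,Tue Mar  3 10:15:09 2009, + 3 msec,path,/home/alice/new.txt,subject,alice,alice,users,alice,users,4021,4021,22,192.0.2.10,return,success,3,trailer,104
header,96,10,open(2) - read,0,Tue Mar  3 10:15:10 2009, + 8 msec,path,/etc/passwd,subject,alice,alice,users,alice,users,4021,4021,22,192.0.2.10,return,success,4,trailer,96
EOF
}

# Live use, with a single long-running logger so no process is spawned per event:
#   praudit -l /dev/auditpipe | filter_audit | logger -t audit -p security.info
```

Run the live pipeline from a session that is not itself subject to fine-grained auditing, as the Handbook warning quoted above advises.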
 