Cisco Headend Digital Broadband Delivery System
System Auditing Using BSM
4034689 Rev A
51
System Auditing Using BSM
The BSM utility is installed on the system and logs a significant amount of event
information, including OS login and logoff events that the authlog and sulog do not
capture.
information, including OS login and logoff events that the authlog and sulog do not
capture.
Notes:
The BSM utility writes binary log files to the /var/audit/ directory. You cannot
view these files using a simple text editor. The praudit command converts the
binary format to readable text.
view these files using a simple text editor. The praudit command converts the
binary format to readable text.
The system generates one BSM binary log file per day and only retains seven
days of files.
days of files.
1 Log into the system as root:
a At the prompt, type
su -
and press Enter.
b Type the root password and press Enter.
2 To determine the name and location of the current BSM log file, type
auditreduce /etc/security/audit_data
and press Enter.
Example:
/var/audit/20081007040000.not_terminated.filbert
3
To convert a BSM binary log to readable text, type
cat [path and name of
file] | praudit -s
and press Enter. This results in a significant amount of
information. Please check the auditreduce and praudit man pages for usage
information for these commands.
information for these commands.
4 To start a new log file, type
audit -n
and press Enter.