- AIX Audit
The im_aixaudit module natively collects logs generated by the AIX Audit system, without depending on auditstream or any other process.
- Custom Programs
The im_exec module allows log data to be collected from custom external programs.
Example 156. Using an External Command
This example uses the tail command to read from a file.
Note: The im_file module should be used to read log messages from files. This example only demonstrates the use of the im_exec module.
- DNS Monitoring
Logs can be collected from BIND 9.
- File Integrity Monitoring
Example 157. Monitoring File Integrity
This example monitors files in the /srv directories, generating events when files are modified or deleted. Files ending in .bak are excluded from the watch list.
- Local Syslog
Messages written to /dev/log can be collected with the im_uds module. Events written to file in Syslog format can be collected with im_file. In both cases, the xm_syslog module can be used to parse the events. See Collecting and Parsing Syslog for more information.
Example 158. Reading Syslog Messages From File
This example reads Syslog messages from /var/log/messages and parses them with the parse_syslog() procedure.
- Log Files
The im_file module can be used to collect events from log files.
- Process Accounting
The im_acct module can be used to gather details about who runs what processes.