Return to
Portfolio

109.3. AIX Auditing (im_aixaudit)

This module parses events in the AIX Audit format. This module reads directly from the kernel. See also xm_aixaudit.

109.3.1. Configuration

The im_aixaudit module accepts the following directives in addition to the common module directives.

DeviceFile

This optional directive specifies the device file from which to read audit events. If this is not specified, it defaults to /dev/audit.

109.3.2. Fields

See the xm_aixaudit Fields.

109.3.3. Examples

Example 540. Reading AIX Audit Events From the Kernel

This configuration reads AIX audit events directly from the kernel via the (default) /dev/audit device file.

nxlog.conf [Download file]

  
1
2
3
4


  
<Input in>
    Module      im_aixaudit
    DeviceFile  /dev/audit
</Input>

← Previous: Process Accounting (im_acct) | ↑ Up: Input Modules | ⌂ Home: NXLog User Guide | Next: Azure (im_azure) →