I had a similar issue few years ago with AIX OS Sensor. Then the problem was trivial: the syslog daemon had been writing to the "/var/log/syslog.log" file, and the sensor expected log in "/var/log/syslog". Check what is your syslog output file, and is it the same file the sensor is expecting.
Zoran ----- Original Message ----- From: "Kwan Chee Kin" <[EMAIL PROTECTED]> To: "Andres Riancho" <[EMAIL PROTECTED]>; <[email protected]> Sent: Saturday, March 12, 2005 10:24 AM Subject: Re: [ISSForum] AIX Server Sensor Not Working Hi, Yes, I did try with another policy. It still won't work. I did not install the network monitoring component so I don't think that will work, will it? I'm trying to get the auditting part work. Thanks. Best regards, Kwan Chee Kin --- Andres Riancho <[EMAIL PROTECTED]> wrote: > Have you tried with another policy ? Maybe you could > try to enable the event > HTTP_GET for testing. > > Cheers , > > Andres Riancho > > ----- Original Message ----- > From: "Kwan Chee Kin" <[EMAIL PROTECTED]> > To: <[email protected]> > Sent: Thursday, March 10, 2005 7:32 AM > Subject: [ISSForum] AIX Server Sensor Not Working > > > > Hi, > > I installed RS Server Sensor 7 on both AIX and > > Windows. I got the Sensors on both platforms > > communicating to the Site Protector 5. I applied > the > > default Attack_And_Audit_Policy into the Sensors. > Then > > I tried to test on the audit part of this policy > by > > trying a brute force login to the Sensors. > > > > The Windows platform sensors shows me the events > like > > I expected but the AIX did not even show anything. > > There is not even an event showing 'root' access > to > > the system. > > > > I verified the Sensors is Active. Then I verified > that > > the enforce audit policy is turned on in each AIX > > sensors and the Auditing in OS for the policy is > > checked. > > > > What could be the problem? Anyone bump into such > > problem before? > > Will AIX sensors show me anything in the events > like > > telnet login? > > Anyone knows any diagnostic tool I can check > whether > > the AIX sensor is working or not? > > > > Appreciate any comment. > > Thank you. > > > > Best regards, > > Kwan CK > > > > __________________________________________________ > > Do You Yahoo!? > > Tired of spam? Yahoo! Mail has the best spam > protection around > > http://mail.yahoo.com > > _______________________________________________ > > ISSForum mailing list > > [email protected] > > > > TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to > https://atla-mm1.iss.net/mailman/listinfo/issforum > > > > To contact the ISSForum Moderator, send email to > [EMAIL PROTECTED] > > > > The ISSForum mailing list is hosted and managed by > Internet Security > Systems, 6303 Barfield Road, Atlanta, Georgia, USA > 30328. > > > > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com _______________________________________________ ISSForum mailing list [email protected] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum To contact the ISSForum Moderator, send email to [EMAIL PROTECTED] The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328. _______________________________________________ ISSForum mailing list [email protected] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum To contact the ISSForum Moderator, send email to [EMAIL PROTECTED] The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.
