Is this possible? Is this a good idea?
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Anthony Johnson
Sent: Thursday, October 19, 2006 3:36 AM
To: [email protected]
Subject: [osol-discuss] Project Proposal: auditd audit_snmptrap plugin

This seems overboard to suggest a project for the addition of an auditd plugin, but I didn't see any other way to be able to get the code that I am about to write into the base source control.

Basically, I was going to use the audit_syslog plugin for auditd to send login/logout information to a remote syslogd host and then parse that output and send it to an SNMP trap daemon. That started to get crazy and I started to worry about how normalized my data was really going to be. So I decided to write my own plugin and solve the whole crazy setup.

So what I propose is:

1. Creation of a new Solaris library called libsnmptrap whose purpose will be to read a file named snmpd.conf for community and trap destination information. The format of this file will be the same as Net-snmp's snmpd.conf (so that people don't have to worry about a conflict or duplication of the same information). The purpose of this library will be to construct simple v1 SNMP Traps that contain Solaris audit information.
2. Creation of a Solaris Audit SNMP MIB with information on Traps that can be generated.
3. The creation of a new auditd plugin named snmptrap (/on/usr/src/lib/auditd_plugins/snmptrap) which would be loadable through /etc/security/audit_control via the same method as audit_syslog.so. This plugin would send traps to the traphost defined in the snmpd.conf in /etc/. Special traps will be created for start/end operations (login start, login out) which will provide the ability to have applications like HP OpenView and NetCool autoclear the SNMP Trap events.

The benefits of this plugin at the very least would be Big Brother login/logout monitoring of servers by an NMS system.

Comments/Suggestions?
Thanks,
Anthony

This message posted from opensolaris.org
_______________________________________________
opensolaris-discuss mailing list
[email protected]
_______________________________________________
Net-snmp-coders mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
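An added sketch (not code from the original post, from Solaris or from Net-SNMP) of the v1 trap that item 1 of the proposal describes, showing that the community string and the audit text travel as plain bytes in the datagram. The specific-trap codes, the OIDs under the documentation enterprise number 32473 (RFC 5612), the agent address and the audit string are assumptions, since the page defines no MIB.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
enum { LOGIN_START = 1, LOGIN_END = 2 };  /* hypothetical specific-trap codes */
/* Append one BER TLV; short-form length only, so the caller keeps len < 128. */
static size_t tlv(uint8_t *out, uint8_t tag, const void *val, size_t len)
{
    out[0] = tag; out[1] = (uint8_t)len;
    memcpy(out + 2, val, len);
    return len + 2;
}
/* Minimal-length big-endian encoding of a non-negative integer. */
static size_t ber_uint(uint8_t *out, uint8_t tag, uint32_t v)
{
    uint8_t b[5] = {0, (uint8_t)(v >> 24), (uint8_t)(v >> 16), (uint8_t)(v >> 8), (uint8_t)v};
    size_t i = 0;
    while (i < 4 && b[i] == 0 && !(b[i + 1] & 0x80)) i++;
    return tlv(out, tag, b + i, 5 - i);
}
/* Build Message { version, community, Trap-PDU }; returns 0 if it will not fit. */
size_t build_v1_trap(uint8_t *out, size_t cap, const char *community, const uint8_t ip[4],
                     uint32_t specific, uint32_t ticks, const char *audit)
{
    static const uint8_t ent[] = {0x2B, 6, 1, 4, 1, 0x81, 0xFD, 0x59};    /* 1.3.6.1.4.1.32473 */
    static const uint8_t obj[] = {0x2B, 6, 1, 4, 1, 0x81, 0xFD, 0x59, 1}; /* ...32473.1, placeholder */
    uint8_t vb[130], vbl[130], pdu[130], msg[130];
    size_t c = strlen(community), n = strlen(audit), v, p, m;
    if (c + n > 70 || cap < 130) return 0;  /* keeps every nested length short-form */
    v = tlv(vb, 0x06, obj, sizeof obj);     /* varbind name */
    v += tlv(vb + v, 0x04, audit, n);       /* varbind value: audit text */
    v = tlv(vbl, 0x30, vb, v);              /* one VarBind */
    p = tlv(pdu, 0x06, ent, sizeof ent);    /* enterprise */
    p += tlv(pdu + p, 0x40, ip, 4);         /* agent-addr (IpAddress) */
    p += ber_uint(pdu + p, 0x02, 6);        /* generic-trap 6 = enterpriseSpecific */
    p += ber_uint(pdu + p, 0x02, specific); /* specific-trap */
    p += ber_uint(pdu + p, 0x43, ticks);    /* time-stamp (TimeTicks) */
    p += tlv(pdu + p, 0x30, vbl, v);        /* VarBindList */
    m = ber_uint(msg, 0x02, 0);             /* version-1 is encoded as 0 */
    m += tlv(msg + m, 0x04, community, c);  /* community string, plain bytes */
    m += tlv(msg + m, 0xA4, pdu, p);        /* Trap-PDU, context tag [4] */
    return tlv(out, 0x30, msg, m);
}
int main(void)
{
    uint8_t pkt[130], ip[4] = {192, 0, 2, 10};  /* constructed agent address */
    size_t i, n = build_v1_trap(pkt, sizeof pkt, "public", ip, LOGIN_START, 0, "login user=alice");
    for (i = 0; i < n; i++) printf("%02x%s", pkt[i], (i + 1) % 16 ? " " : "\n");
    putchar('\n');
    return 0;
}
```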
