IBM Support

AIX AUDIT: How can I monitor all user activities on a system?

Question & Answer


Question

How can I monitor all user activities on a system?
 

Answer

Some site policies might require audit records of all logins and of commands that are run by root, administrators, or even all users.

Audit and other security configurations involve comprehensive features that require advanced review and planning.
This document provides lists of common considerations, and references to help administrators plan their auditing procedure.
More references are provided in the following planning recommendations.

Efficient and effective auditing requires careful planning.
An administrator must plan, at a minimum, the following:
Important
 
AIX Support cannot advise you on how or what to audit. However, we can answer questions about the commands and files you use to achieve your defined audit objectives. It is recommended that administrators review the following file references to understand the configuration options.
SUPPORT

Security configuration involves comprehensive features. Most of these features require advanced review and planning by administrators who are familiar with all of their system requirements. AIX Support does not make specific recommendations to harden your system. Customization is out of the scope of AIX Support, but if you have specific questions about documented usage, our support experts are happy to assist.

You can learn more about the audit functionality on AIX and best practices through the following resources:
 

If you have specific questions about usage after reviewing the recommended documentation, IBM AIX Support will be happy to assist.

If you require consulting services, there are more fee-based services available.

If you require usage assistance, use the following step-by-step instructions to contact IBM to open a case for software with an active and valid support contract.  
 

1.  Document (or collect screen captures of) all symptoms, errors, and messages related to your issue.

2.  Capture any logs or data relevant to the situation.

3.  Contact IBM to open a case:

   - For electronic support, see the IBM Support Community:
     https://www.ibm.com/mysupport
   - If you require telephone support, see the web page:
     https://www.ibm.com/planetwide/

4.  Provide a clear, concise description of the issue.

 

5.  If the system is accessible, collect a system snap, and upload all of the details and data for your case.

  - For guidance, see: Working with IBM AIX Support: Collecting snap data


Document Information

Modified date:
08 July 2024

UID

ibm16825071