Open Enterprise Server Discussions

Home

Verified Answers

If an answer to your question is correct, click on "Verify Answer" under the "More" button. The answer will now appear with a checkmark. Please be sure to always mark answers that resolve your issue as verified. Your fellow Community members will appreciate it! Learn more

State Verified Answer
Replies replies
6
Subscribers subscribers
26
Views views
475
Users 0 members are here
+1 person also asked this people also asked this
Locked Locked

Related

Options

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

VLOG filter file

davidkrotil Super User

Super User

over 1 year ago

Hi,

I'm testing NSS auditing with VLOG and can't get it working.

/opt/novell/vigil/bin/vlog --blockNssEventsOfVol DATA --filterFile /etc/opt/novell/vlog.conf --format CEF

in the vlog.conf is only this

:-roll -user_stop -user_start
DATA:/** (ADDTRUSTEE REMOVETRUSTEE SETINHERITEDRIGHTS) (*) (*)

I'm on OES 24.1

David

Tags:

vlog

Top Replies

Parents

0 BM2EC over 1 year ago

I do it this way with sucess:

/opt/novell/vigil/bin/vlog --blockNssEventsOfVol VOL1 --pattern "+VOL1:/PATH/** (*)" --format CSV -o <Path and file for the output> -d
Cancel
Vote Up 0 Vote Down

Cancel
0 davidkrotil over 1 year ago in reply to BM2EC

Tried not to use filter file, no change

/opt/novell/vigil/bin/vlog --blockNssEventsOfVol DATA --pattern ":-roll -user_stop -user_start" --pattern "+DATA:/** (ADDTRUSTEE REMOVETRUSTEE SETINHERITEDRIGHTS)" --format CEF

David
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 davidkrotil over 1 year ago in reply to BM2EC

Tried not to use filter file, no change

/opt/novell/vigil/bin/vlog --blockNssEventsOfVol DATA --pattern ":-roll -user_stop -user_start" --pattern "+DATA:/** (ADDTRUSTEE REMOVETRUSTEE SETINHERITEDRIGHTS)" --format CEF

David
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 Andy Konecny over 1 year ago in reply to davidkrotil

Can your command work to -- format CSV to separate out the CSV vs CEF part of it?

________________________

Andy of KonecnyConsulting.ca in Toronto
Please use the "Like" and/or "Verified Answers" as appropriate as that helps us all.
Cancel
Vote Up 0 Vote Down

Cancel

Resources

Learning Services

Partner Programs

Privacy

Compliance

Help

Company

Privacy Policy
Terms of Use
Cookies Preferences

Accessibility
Anti-Slavery Statement

Support
Contact Us

Careers
Code of Business Conduct and Ethics

The opinions expressed above are the personal opinions of the authors, not of OpenText. By using this site, you accept the Terms of Use. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.), Hewlett Packard Enterprise Company, or Micro Focus. As of January 31, 2023, the Material is now offered by OpenText, a separately owned and operated company. Any reference to the HP, Hewlett Packard Enterprise/HPE, and Micro Focus marks is historical in nature and the HP, Hewlett Packard Enterprise/HPE, and Micro Focus marks are the property of their respective owners.