LEADER 05754nam 2200589Ia 450 001 9910815714603321 005 20200520144314.0 035 $a(CKB)1000000000243332 035 $a(SSID)ssj0000586071 035 $a(PQKBManifestationID)11344913 035 $a(PQKBTitleCode)TC0000586071 035 $a(PQKBWorkID)10626023 035 $a(PQKB)11264677 035 $a(MiAaPQ)EBC3306510 035 $a(WaSeSS)Ind00001750 035 $a(Au-PeEL)EBL3306510 035 $a(CaPaEBR)ebr10112511 035 $a(OCoLC)560099147 035 $a(EXLCZ)991000000000243332 100 $a20050516d2004 uy 0 101 0 $aeng 135 $aurcn||||||||| 181 $ctxt 182 $cc 183 $acr 200 00$aAccounting and auditing on AIX 5L /$fOctavian Lascu ... [et al.] 205 $a1st ed. 210 $a[S.l.] $cIBM, Interntional Technical Support Organization$d2004 215 $axii, 248 p. $cill 225 1 $aIBM redbooks 300 $a"SG24-6396-00." 311 $a0-7384-9170-5 320 $aIncludes bibliographical references and index. 327 $aFront cover -- Contents -- Notices -- Trademarks -- Preface -- The team that wrote this redbook -- Become a published author -- Comments welcome -- Chapter 1. Chapter 1. Introduction -- 1.1 The need for auditing and accounting -- 1.2 Auditing -- 1.3 Accounting -- 1.4 Advanced Accounting overview -- Chapter 2. Auditing on AIX -- 2.1 General concepts of AIX auditing -- 2.2 Configuring and using auditing -- 2.2.1 Select the auditable events -- 2.2.2 Collecting information -- 2.3 Setting up auditing -- 2.3.1 Configuration files -- 2.3.2 Command files -- 2.3.3 Output files -- 2.3.4 Data collection -- 2.3.5 Starting and stopping auditing -- 2.4 Recommendations for auditing -- 2.4.1 Using the audit subsystem for a quick security check -- 2.4.2 Disk space consideration -- 2.4.3 Performance -- 2.4.4 Audit limitations -- 2.5 Configuration examples -- 2.5.1 A real-time modification monitor -- 2.5.2 More audit scenarios -- 2.6 Common mistakes -- Chapter 3. Accounting on AIX -- 3.1 General concepts about accounting -- 3.2 Quick setup of the accounting subsystem -- 3.2.1 Starting the accounting system -- 3.2.2 Stopping the accounting subsystem -- 3.2.3 Long login user name support in AIX 5.3 -- 3.3 Accounting internals -- 3.4 Collecting and reporting data -- 3.4.1 Collecting data -- 3.4.2 Reporting data -- 3.5 Observing the system -- 3.5.1 The system activity -- 3.5.2 Connect-time usage -- 3.5.3 Who is connected to the system -- 3.5.4 CPU usage -- 3.5.5 Disk usage -- 3.5.6 Printer usage -- 3.6 Troubleshooting potential accounting errors -- 3.6.1 Fixing tacct errors -- 3.6.2 Fixing wtmp errors -- 3.6.3 Fixing incorrect file permissions -- 3.6.4 Fixing qacct access file errors -- 3.6.5 Fixing runacct errors -- 3.6.6 Updating an out-of-date holidays file -- 3.6.7 Fixing date change errors -- 3.6.8 Restarting the runacct command -- 3.6.9 Recommendations. 327 $a3.7 Accounting files -- 3.7.1 Accounting commands -- 3.7.2 Accounting data files -- 3.7.3 Report and summary files -- 3.7.4 Accounting file formats -- Chapter 4. Accounting and the Workload Manager -- 4.1 Overview -- 4.2 WLM concepts -- 4.2.1 Definitions -- 4.2.2 Class hierarchy -- 4.2.3 Class attributes -- 4.3 Administering WLM -- 4.3.1 WLM configuration: the six-step process -- 4.3.2 WLM administration tools -- 4.3.3 Setting up WLM -- 4.3.4 Introduction to WLM commands and WebSM -- 4.4 WLM performance monitoring tools -- 4.5 WLM accounting -- 4.5.1 Process accounting using WLM classes -- 4.5.2 Displaying WLM class accounting information -- 4.5.3 WLM application programming interface (API) -- 4.6 Resource control using WLM -- Chapter 5. Advanced Accounting -- 5.1 Managing Advanced Accounting -- 5.1.1 Controlling the advanced accounting -- 5.1.2 Using SMIT to control Advanced Accounting -- 5.2 Accounting data file and e-mail notification -- 5.2.1 Accounting data file -- 5.2.2 E-mail notification -- 5.3 Interval accounting -- 5.3.1 System interval -- 5.3.2 Process interval -- 5.4 Transaction accounting -- 5.5 Data aggregation -- 5.5.1 System-level data aggregation -- 5.5.2 Project-level data aggregation -- 5.6 Projects and policies -- 5.6.1 Projects -- 5.6.2 Policies -- 5.6.3 Load, unload, and query policies -- 5.6.4 Manual loading of a project -- 5.7 Reporting and analysis -- 5.8 Testing example -- 5.8.1 Using no interval, aggregation, project, and policy -- 5.8.2 System interval on -- 5.8.3 Aggregation for each user ID -- 5.8.4 Loading both the project and the policy -- 5.8.5 Aggregation based on application record -- Appendix A. Security audit events in AIX 5.3 -- Appendix B. The accounting files -- The acct file format -- The tacct file format -- The utmp file format -- The ctmp file format -- The accrec file format. 327 $aThe files in the bos.acct package -- Appendix C. Accounting records in Advanced Accounting -- Abbreviations and acronyms -- Related publications -- IBM Redbooks -- Other publications -- Online resources -- How to get IBM Redbooks -- Help from IBM -- Index -- Back cover. 410 0$aIBM redbooks. 606 $aAccounting$xData processing 606 $aAuditing$xData processing 606 $aOperating systems (Computers) 615 0$aAccounting$xData processing. 615 0$aAuditing$xData processing. 615 0$aOperating systems (Computers) 701 $aLascu$b Octavian$01613675 712 02$aInternational Business Machines Corporation.$bInternational Technical Support Organization. 801 0$bMiAaPQ 801 1$bMiAaPQ 801 2$bMiAaPQ 906 $aBOOK 912 $a9910815714603321 996 $aAccounting and auditing on AIX 5L$94053088 997 $aUNINA