35. IBM AIX
NXLog can collect various types of system logs on the AIX platform. For deployment details, see the supported AIX platforms, AIX installation, and monitoring.
- AIX Audit
The im_aixaudit module natively collects logs generated by the AIX Audit system, without depending on auditstream or any other process.

Example 187. Collecting AIX Audit Logs
This example reads AIX audit logs from the /dev/audit device file.
- Custom Programs
The im_exec module allows log data to be collected from custom external programs.

Example 188. Using an External Command
This example uses the tail command to read from a file.
Note: The im_file module should be used to read log messages from files. This example only demonstrates the use of the im_exec module.

    <Input exec>
        Module  im_exec
        Command /usr/bin/tail
        Arg     -f
        Arg     /var/adm/ras/errlog
    </Input>
- DNS Monitoring
Logs can be collected from BIND 9.
- File Integrity Monitoring
File and directory changes can be detected and logged for auditing with the im_fim module. See File Integrity Monitoring.

Example 189. Monitoring File Integrity
This example monitors files in the /etc and /srv directories, generating events when files are modified or deleted. Files ending in .bak are excluded from the watch list.

    <Input fim>
        Module        im_fim
        File          "/etc/*"
        File          "/srv/*"
        Exclude       "*.bak"
        Digest        sha1
        ScanInterval  3600
        Recursive     TRUE
    </Input>
- Local Syslog
Messages written to /dev/log can be collected with the im_uds module. Events written to file in Syslog format can be collected with im_file. In both cases, the xm_syslog module can be used to parse the events. See Collecting and Parsing Syslog for more information.

Example 190. Reading Syslog Messages From File
This example reads Syslog messages from /var/log/messages and parses them with the parse_syslog() procedure.

    <Extension _syslog>
        Module  xm_syslog
    </Extension>

    <Input in>
        Module  im_file
        File    "/var/log/messages"
        Exec    parse_syslog();
    </Input>
- Log Files
The im_file module can be used to collect events from log files.

Example 191. Reading From Log Files
This configuration reads messages from the /opt/test/input.log file. No parsing is performed; each line is available in the $raw_event field.
- Process Accounting
The im_acct module can be used to gather details about which owner (user and group) runs what processes.

Example 192. Reading Process Accounting Logs
This configuration turns on process accounting (using /tmp/nxlog.acct as the log file) and watches for messages.
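
To make concrete what the File Integrity Monitoring configuration in Example 189 asks for, the following added example models a digest-based scan in Python: a recursive walk, a *.bak exclusion, SHA-1 digests, and "modified"/"deleted" events from comparing two scans. It is written for this page, is not NXLog code, and does not describe im_fim internals; the function names and the temporary tree standing in for /etc are constructed for illustration.

```python
import fnmatch
import hashlib
import os
import tempfile

def scan(roots, exclude="*.bak", algo="sha1"):
    """Walk each root recursively; return {path: hex digest}, skipping excluded names."""
    digests = {}
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):   # recursive, like Recursive TRUE
            for name in files:
                if fnmatch.fnmatch(name, exclude):     # like Exclude "*.bak"
                    continue
                path = os.path.join(dirpath, name)
                try:
                    with open(path, "rb") as fh:
                        digests[path] = hashlib.new(algo, fh.read()).hexdigest()
                except OSError:
                    continue                           # unreadable or gone mid-scan
    return digests

def diff(previous, current):
    """Compare two scans; report only the two event kinds Example 189 names."""
    events = []
    for path, digest in previous.items():
        if path not in current:
            events.append(("deleted", path))
        elif current[path] != digest:
            events.append(("modified", path))
    return sorted(events)

def demo():
    """Constructed sample tree standing in for /etc; returns events between two scans."""
    with tempfile.TemporaryDirectory() as top:
        etc = os.path.join(top, "etc")
        os.makedirs(os.path.join(etc, "ssh"))
        files = {"passwd": "root:x:0:0\n", "ssh/sshd_config": "PermitRootLogin no\n",
                 "motd": "hello\n", "hosts.bak": "old\n"}
        for rel, text in files.items():
            with open(os.path.join(etc, rel), "w") as fh:
                fh.write(text)
        baseline = scan([etc])                         # first scan
        with open(os.path.join(etc, "ssh/sshd_config"), "w") as fh:
            fh.write("PermitRootLogin yes\n")          # content change
        os.remove(os.path.join(etc, "motd"))           # deletion
        with open(os.path.join(etc, "hosts.bak"), "w") as fh:
            fh.write("changed\n")                      # excluded, so no event
        events = diff(baseline, scan([etc]))           # next scan, one interval later
        return [(kind, os.path.relpath(p, etc)) for kind, p in events]
```

In this model a file that is changed and restored between two scans produces no event, so the scan interval bounds what a polling comparison can see.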