How do I set up the wtmp rolling log file mechanism in the wtmp Rule Group? (NETIQKB45882)

  • 7745882
  • 02-Feb-2007
  • 10-Oct-2007

Resolution

goal
How do I set up the wtmp rolling log file mechanism in the wtmp Rule Group?

goal
How do I store login information in the agent directory?

goal
How do I change the reset interval for the wtmp file?

fact
VigilEnt Security Agent for Unix 5.0

fix

In some Unix OS environments, the wtmp or wtmpx file, which stores user login information, is frequently cleared. The dormant account report and other user account reports that key on last login information can be incorrect, especially if the wtmp or wtmpx file resets at a shorter interval than the interval set for the report to generate information. To offset this, the wtmp rule group in the Unix Manager has a mechanism that stores the login information in the agent directory structure, in a wtmp or wtmpx file and an associated backup wtmp.1 file.

To configure the rolling log file mechanism:

  1. In Rules Manager, expand the Rule Set.
  2. Click File > Save As and save a backup of the rule set.
  3. Select the RMB Group: wtmp.
  4. Click Edit.
  5. Select the Event Source tab.
  6. Change the auxiliary log rolling period to the number of seconds you want. The default time is 5184000 seconds, which is equivalent to 60 days.


note
You do not have to use the individual rules in the wtmp group and can turn them off. The wtmp or wtmpx rolling log mechanism functions independently of any individual rules. However, once the auxiliary log rolling period is set up, the rule group must be pushed down to the agent, as required by normal Rules Manager operations.
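
The reporting problem described in the fix section, shown as an added Python example (not part of the original article and not NetIQ code): it reads wtmp records and reports an account as dormant only when the file reaches back at least as far as the report window. It assumes the Linux/glibc `struct utmp` record layout; the function names, account names and sample records are constructed for illustration.

```python
import struct

# Assumed layout: Linux/glibc struct utmp (384 bytes per record). Solaris, AIX
# and HP-UX wtmp/wtmpx records are laid out differently.
UTMP = struct.Struct("<h2xi32s4s32s256shhiii4i20x")
USER_PROCESS = 7               # ut_type value for a user login
DAY = 86400
DEFAULT_ROLL_PERIOD = 5184000  # default auxiliary log rolling period (60 days)

def make_record(ut_type, user, tv_sec):
    """Build one constructed record for the sample data below."""
    return UTMP.pack(ut_type, 0, b"pts/0", b"", user.encode(), b"",
                     0, 0, 0, tv_sec, 0, 0, 0, 0, 0)

def read_logins(data):
    """Return (earliest record time, {user: last login time}) from raw wtmp bytes."""
    earliest, last = None, {}
    for off in range(0, len(data) - UTMP.size + 1, UTMP.size):
        f = UTMP.unpack_from(data, off)   # f[0]=ut_type, f[4]=ut_user, f[9]=tv_sec
        user = f[4].split(b"\0", 1)[0].decode(errors="replace")
        if f[9] and (earliest is None or f[9] < earliest):
            earliest = f[9]
        if f[0] == USER_PROCESS and user:
            last[user] = max(f[9], last.get(user, 0))
    return earliest, last

def classify(data, accounts, window, now):
    """Label each account 'active', 'dormant' or 'unknown' for a window in seconds."""
    earliest, last = read_logins(data)
    covered = earliest is not None and earliest <= now - window
    result = {}
    for acct in accounts:
        if last.get(acct, 0) >= now - window:
            result[acct] = "active"
        else:
            # No login seen: only meaningful if the file spans the whole window.
            result[acct] = "dormant" if covered else "unknown"
    return result

NOW = 1_700_000_000  # constructed reference time
SHORT = make_record(2, "reboot", NOW - 10 * DAY) + make_record(7, "alice", NOW - 3 * DAY)
ROLLED = make_record(2, "reboot", NOW - 61 * DAY) + make_record(7, "bob", NOW - 40 * DAY) + SHORT

if __name__ == "__main__":
    for name, data in (("recently cleared wtmp", SHORT), ("60-day rolled copy", ROLLED)):
        print(name, classify(data, ["alice", "bob", "carol"], DEFAULT_ROLL_PERIOD, NOW))
```

With the recently cleared file, bob and carol cannot be distinguished; with a copy that spans the full rolling period, bob's login 40 days ago is visible and only carol is reported dormant.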

Additional Information

Formerly known as NETIQKB45882