How do I set up the wtmp rolling log file mechanism in the wtmp Rule Group?
How do I store login information in the agent directory?
How do I change the reset interval for the wtmp file?
VigilEnt Security Agent for Unix 5.0
In some Unix OS environments, the user login information is stored in
wtmpx is frequently cleared. The dormant account and other user account reports that key on last login information can be incorrect, especially if the wtmp or wtmpx file resets at a shorter interval than the interval set for the report to generate information. To offset this, the wtmp rule group inside the Unix Manager has a mechanism to store the login information in the agent directory structure in the
wtmpx file and associated backup
To configure the rolling log file mechanism:
- In Rules Manager, expand the Rule Set.
- Click File > Save As and save a backup of the rule set.
- Select the RMB Group: wtmp.
- Click Edit.
- Select the Event Source tab.
- Change the auxiliary log rolling period to the number of seconds you want. The default time is 5184000 seconds, which is equivalent to 60 days.
You do not have to use the individual rules in the wtmp group and can turn them off. The
wtmpx rolling log mechanism functions independently of any individual rules. However, once the auxiliary log rolling period is set up, the rule group must be pushed down to the agent as required by normal Rules Manager operations.
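The reporting problem described above can be checked directly: if the oldest record in wtmp is newer than the report window, a missing login proves nothing. The following is an added example, not VigilEnt code; it assumes the Linux glibc wtmp record layout, and the function names and sample records are constructed for illustration.

```python
import struct

# Assumption: Linux glibc wtmp record layout (384 bytes). Solaris wtmpx and
# other Unix variants use different layouts and need their own format string.
REC = struct.Struct("<hxxi32s4s32s256shhiii4i20s")
USER_PROCESS = 7          # ut_type of an interactive login record
DAY = 86400

def make_record(ut_type, user, tv_sec):
    """Pack one constructed record (sample data only)."""
    return REC.pack(ut_type, 0, b"pts/0", b"ts/0", user.encode(), b"",
                    0, 0, 0, tv_sec, 0, 0, 0, 0, 0, b"")

def last_logins(data):
    """Return ({user: newest login time}, oldest timestamp in the file)."""
    logins, oldest = {}, None
    for rec in REC.iter_unpack(data):
        ut_type, user, tv_sec = rec[0], rec[4], rec[9]
        if tv_sec <= 0:
            continue
        oldest = tv_sec if oldest is None else min(oldest, tv_sec)
        if ut_type == USER_PROCESS:
            name = user.split(b"\0", 1)[0].decode("utf-8", "replace")
            logins[name] = max(logins.get(name, 0), tv_sec)
    return logins, oldest

def dormant_report(data, accounts, report_days, now):
    """Label each account active, dormant, or unknown (history too short)."""
    logins, oldest = last_logins(data)
    cutoff = now - report_days * DAY
    covered = oldest is not None and oldest <= cutoff
    report = {}
    for acct in accounts:
        if logins.get(acct, 0) >= cutoff:
            report[acct] = "active"
        else:
            report[acct] = "dormant" if covered else "unknown"
    return report

# Constructed sample data: the same host before and after wtmp was cleared.
NOW = 1_700_000_000
FULL = b"".join([make_record(2, "reboot", NOW - 80 * DAY),
                 make_record(7, "bob", NOW - 70 * DAY),
                 make_record(7, "alice", NOW - 50 * DAY),
                 make_record(7, "carol", NOW - 5 * DAY)])
RESET = b"".join([make_record(2, "reboot", NOW - 10 * DAY),
                  make_record(7, "carol", NOW - 5 * DAY)])

if __name__ == "__main__":
    for label, data in (("full", FULL), ("reset", RESET)):
        print(label, dormant_report(data, ["alice", "bob", "carol"], 60, NOW))
```

With the cleared file, alice and bob come back as unknown rather than dormant, which is the gap the rolling log in the agent directory is meant to close.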