# syslogd: audit files and commands



## Dr_Death_UAE (Mar 9, 2009)

Hello, I configured my FreeBSD 7.1 box to send logs to a central syslog server.

It works fine. I want to show created and deleted files, and also all executed commands.

I enabled all log types:


> *.emerg @syslog_server
> *.alert @syslog_server
> *.crit @syslog_server
> *.err @syslog_server
> ...



Is it possible without installing additional packages?


----------



## SirDice (Mar 9, 2009)

Dr_Death_UAE said:

> It works fine. I want to show created and deleted files, and also all executed commands.


You will need to enable and configure auditing.

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/audit.html


----------



## Dr_Death_UAE (Mar 12, 2009)

Is it possible to make the audit daemon send its records to the syslog daemon?


----------



## Mel_Flynn (Mar 12, 2009)

Maybe, but first read the warning:


> Warning: It is easy to produce audit event feedback cycles, in which the viewing of each audit event results in the generation of more audit events. For example, if all network I/O is audited, and praudit(1) is run from an SSH session, then a continuous stream of audit events will be generated at a high rate, as each event being printed will generate another event. It is advisable to run praudit on an audit pipe device from sessions without fine-grained I/O auditing in order to avoid this happening.


Origin: Handbook

You can then try:

```
praudit /dev/auditpipe | logger
```

Though I think you should carefully filter this output for what's really important.


----------
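The filtering step suggested in the last reply, as an added example that is not part of the thread: it keeps only exec and file create/delete events before they reach `logger`. It assumes the `ex`, `fc` and `fd` audit classes are enabled, that `praudit -l` emits one comma-separated record per line, and that events carry the names listed in `KEEP`; the function names and sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes "praudit -l" one-line records
# (comma-separated tokens) and the event names in KEEP.
KEEP='^(execve[(]2[)]|unlink[(]2[)]|creat[(]2[)]|open[(]2[)] - .*creat.*)$'

# Read praudit -l records on stdin; print one short line per kept event.
filter_audit() {
    awk -F, -v keep="$KEEP" '
    $1 != "header" { next }
    {
        # Event names can contain commas ("open(2) - write,creat"), so cut
        # the name out of the line up to the numeric modifier field.
        rest = $0
        sub(/^header,[0-9]+,[0-9]+,/, "", rest)
        if (!match(rest, /,[0-9]+,/)) next
        event = substr(rest, 1, RSTART - 1)
        if (event !~ keep) next
        # Find tokens by name, since field positions shift between events.
        user = path = result = "?"
        for (i = 1; i < NF; i++) {
            if ($i == "subject" && user == "?") user = $(i + 1)
            if ($i == "path" && path == "?") path = $(i + 1)
            if ($i == "return") result = $(i + 1)
        }
        printf "event=\"%s\" auid=%s path=%s result=%s\n", event, user, path, result
        fflush()  # do not hold events back in the pipe buffer
    }'
}

# Constructed sample records (not captured from a real system).
sample_records() {
    cat <<'EOF'
header,133,10,execve(2),0,Thu Mar 12 10:15:01 2009, + 123 msec,exec arg,ls,-l,path,/bin/ls,attribute,555,root,wheel,90,12345,0,subject,alice,root,wheel,root,wheel,4321,4300,50000,10.0.0.5,return,success,0,trailer,133
header,98,10,unlink(2),0,Thu Mar 12 10:15:07 2009, + 401 msec,path,/tmp/report.txt,subject,alice,alice,alice,alice,alice,4330,4300,50000,10.0.0.5,return,success,0,trailer,98
header,101,10,open(2) - write,creat,0,Thu Mar 12 10:15:09 2009, + 12 msec,path,/tmp/new.txt,subject,alice,alice,alice,alice,alice,4331,4300,50000,10.0.0.5,return,success,3,trailer,101
header,56,10,getpid(2),0,Thu Mar 12 10:15:10 2009, + 2 msec,subject,alice,alice,alice,alice,alice,4331,4300,50000,10.0.0.5,return,success,4331,trailer,56
EOF
}

# A single long-lived logger ends the pipe, so no process is spawned per
# event and forwarding adds no exec records of its own to the stream.
forward_audit() {
    praudit -l /dev/auditpipe | filter_audit | logger -t audit -p security.notice
}

if [ "${1:-}" = "run" ]; then forward_audit; else sample_records | filter_audit; fi
```

The priority passed to `logger` has to match a selector that syslog.conf forwards to `@syslog_server`. Locating tokens by name is a heuristic that file names or arguments containing commas can throw off, so the binary trail in `/var/audit` remains the authoritative record.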

