    Unix Event Reports

    EventLog Analyzer has a wide range of out-of-the-box reports and alert profiles for Unix devices. With these you can audit system events such as package installs and updates, track important events such as low disk space, and more. You can also audit critical events based on device, alert type, or severity. Apart from critical events, you can also track other events on your Unix systems such as cron jobs, session connections and disconnections, deactivated services, and more.

    Unix Logon Reports

    A record of the different logon types specific to Unix devices, such as SU, SSH, and FTP logons, is available here. In addition, the top logon reports classify these logons based on users, devices, remote devices, and method of logon. The logon trend report gives real-time insights into the general trend detected in Unix logons. This can help detect sharp deviations from the general trend, which could be indicative of malicious activity.

    • User Logons
    • SU Logons
    • SSH Logons
    • FTP or SFTP Logons
    • Logons Overview
    • Top logons based on users
    • Top logons based on devices
    • Top logons based on remote devices
    • Top Unix Logon Method
    • Logon Trend

    Unix Logoff Reports

    A record of different logoffs specific to Unix devices such as SU, SSH, FTP, and user logoffs will be available here. The Logoffs overview report gives real-time insights on the general trend.

    • User Logoffs
    • SU Logoffs
    • SSH Logoffs
    • FTP or SFTP Logoffs
    • Logoffs Overview

    Unix Failed Logon Reports

    This report group can help in the monitoring of failed logons in any Unix device. The top failed reports based on users, devices, and remote devices will help identify an unusual number of logon failures which could be indicative of an attack. In addition, devices with repeated logon failures will be listed separately.

    • User Failed Logons
    • SU Failed Logons
    • SSH Failed Logons
    • FTP or SFTP Failed Logons
    • Failed Logons Overview
    • Top failed logons based on users
    • Top failed logons based on devices
    • Top Failed logons based on remote devices
    • Top failed logon methods
    • Failed Logon Trend
    • Repeated authentication failures
    • Invalid user login attempts
    • Unsuccessful logon failures with long password
    • Repeated login failures based on remote devices
    • Repeated authentication failures based on remote devices

    Unix User Account Management

    This report group can help monitor critical changes to user accounts, groups, and passwords, such as the creation, deletion, and modification of groups, user accounts, and passwords.

    • Added user accounts
    • Deleted user accounts
    • Renamed user accounts
    • Groups added
    • Groups deleted
    • Groups renamed
    • Password Changes
    • Failed password changes
    • Failed user additions
    • Top Unix Account Management Events

    Unix Removable Disk Auditing

    These reports can help track removable disk activity in Unix devices.

    • USB Plugged In
    • USB Plugged Out

    SUDO Commands

    The reports in this group can help ensure that security privileges of the super user are not misused.

    • SUDO command executions
    • Failed SUDO command executions
    • Top SUDO command executions
    • Top Failed SUDO command executions

    Trend report

    The reports in this group give an overview of the trend in activity in Unix devices.

    • Weekly Report
    • Hourly Report

    Unix Mail Server Reports

    These reports help in monitoring Unix mail servers. The 'Top' reports give the usage statistics of Unix mail servers. Reports to monitor mailbox usage, general trends, mail deliveries and the execution of commands are also available in this report group.

    • Mails Sent Overview
    • Mails Received Overview
    • Top mails sent based on senders
    • Top mails sent based on remote device
    • Top mails received from remote devices
    • Top Sender Domain
    • Top Recipient Domain
    • Trend report on mails sent
    • Trend report on mails received
    • Top mails rejected based on sender
    • Top receivers who rejected the mails
    • Top mail rejection errors
    • Top Rejected Domains
    • Mails rejected Overview
    • Mailbox Unavailable
    • Insufficient Storage
    • Bad Sequence of Commands
    • Bad Email Address
    • Non existent email address on remote side
    • Top Mail Errors
    • Top mail errors based on senders
    • Failed Mail Deliveries

    Unix Threats

    The reports in this group and their corresponding alert profiles help discover and mitigate some of the threats common to Unix devices.

    • Reverse Lookup Errors
    • Bad DeviceConfig Errors
    • Bad ISP Errors
    • Invalid connection remote device
    • Denial of Service Attack

    Unix NFS Events

    These reports help monitor the storage of files in remote systems using the Network File Share (NFS) protocol.

    • Successful NFS mounts
    • Refused NFS Mounts
    • Denied NFS mounts based on users
    • Top Successful NFS mounts based on remote device
    • Top Refused NFS mounts based on remote devices

    Unix Other Events

    This report group contains reports to monitor Unix events such as timed out or denied connections, failed updates, name and address mismatch errors for devices, and more. This group also contains reports to monitor cron jobs or the scheduling of commands to be executed later.

    • Cron Jobs
    • Cron Edit
    • Cron Job Started
    • Cron Job Terminated
    • Connection aborted by a software
    • Receive identification string
    • Session Connected
    • Session Disconnected
    • Deactivated services
    • Unsupported Protocol Version
    • Timeout While Logging
    • Failed Updates
    • Device Name Mismatch Error
    • Device Address Mismatch Error
    • Top cron jobs based on users

    Unix FTP Server Reports

    This report group has a range of reports to monitor the usage of the File Transfer Protocol (FTP) in Unix devices. Monitoring this protocol is crucial for data security.

    • File downloads
    • File Uploads
    • Data transfer stall timeouts
    • Login Timeouts
    • Session idle timeouts
    • No transfer timeouts
    • Connection timeouts
    • FTP Reports Overview
    • Top FTP operations based on user
    • Top FTP operations based on remote device

    Unix System Events

    Crucial Unix system events such as Yum installs, stopping and restarting of the Syslog service, system shutdowns, and low disk space can be monitored with these reports.

    • Syslog service stopped
    • Syslog service restarted
    • Low Diskspace
    • System Shutdown
    • Yum installs
    • Yum updates
    • Yum Uninstalls

    Unix Severity Reports

    This report group classifies and presents Unix events in eight different levels of severity. This classification can help prioritize events and alerts.

    • Emergency Events
    • Alert Events
    • Critical Events
    • Error Events
    • Warning Events
    • Notice Events
    • Information Events
    • Debug Events

    Unix Critical Reports

    This report group helps analyze critical events further based on the level, event, device, and also the general trends.

    • Criticality level of events
    • Critical reports based on event
    • Critical events based on device
    • Critical events based on remote device
    • Critical events Trend
    • Critical events Overview

    VMWare Logons/Logoff

    This report group helps in the monitoring of logons/logoffs of the virtual machines installed in Unix devices. The reports in this group categorize the events based on the type, status, and the number of events.

    • User Logons
    • SU Logons
    • SSH Logons
    • SFTP Logons
    • Logons Overview
    • Top logons based on user
    • Top logons based on remote devices
    • Failed Logon
    • Failed SU Logon
    • Failed SSH Logon
    • Failed FTP or SFTP Logon
    • Failed Logon Overview
    • Top failed logons based on users
    • Top failed logon based on remote devices
    • User Logoff
    • SU Logoff
    • SSH Logoff
    • SFTP Logoff
    • Logoff Overview

    VMWare System Events

    The reports in this group deal with monitoring system events in the virtual machines installed in Unix devices. Creation and modification of user accounts, logging activity, disk space availability, and password changes can be tracked with these reports.

    • User Account Added
    • User Account Deleted
    • User Account Renamed
    • Group Added
    • Group Deleted
    • Groups Renamed
    • Password Changes
    • Password Change Failed
    • User Addition Failed
    • Syslog Service Stopped
    • Syslog Service Restarted
    • Low Diskspace
    • System Shutdown

    VMWare Server Events

    Critical events specific to VMs such as creation, deletion, and the modification of VMs and guest logins can be monitored with these reports.

    • Guest Login on VM
    • VM Created
    • VM Deleted
    • VM State Changes
    • Top VM Changes
    • VM Events Overview

    AS400 Reports

    This report group contains reports to monitor changes in AS400 devices. All critical system changes, logon events, hardware errors, configuration changes, and more can be tracked with these reports.

    • Logons
    • Failed Logons
    • Logoff
    • Failed Authorization
    • Authority changes
    • User Profile changes
    • Objects deleted
    • Job changes
    • Ownership changes
    • Logon failure due to invalid passwords
    • System value changes report
    • Successful Job Start
    • Successful Job End
    • Job Logs
    • Device Configuration
    • System time changes
    • Subsystem varied off workstation
    • ASP storage threshold reached
    • ASP storage limit exceeded
    • Disk Unit Errors
    • Expired system IDs report
    • Unable to write audit record
    • Disabled user profiles due to maximum number of sign-on attempts
    • Report on weak battery
    • Report on battery failures
    • System password bypass period ended
    • Storage directory threshold reached
    • Report on serious storage conditions
    • Report on battery cache expiry
    • Report on i5 grace period expiry
    • Temporary IO Processor errors
    • System Processor Failure
    • Hardware Errors
    • Top logons based on users
    • Top failed logons based on users
    • Top jobs based on users
