SU Command Failure Alert Rule

  • ID:  Microsoft.Solaris.9.LogFile.Syslog.SU.Command.Root.Failure.Alert
  • Description:  Alert rule for failed "SU to root command" messages.
  • Target:  Solaris 9 Computer
  • Enabled:  Yes

Overridable Parameters

Each overridable parameter is listed with its default value, followed by its description:

  • Host:  $Target/Property[Type="Unix!Microsoft.Unix.Computer"]/PrincipalName$
    Host where log file resides.
  • LogFile:  /var/adm/messages
    Path to log file.
  • RegExpFilter:  .*su.*root.*failed.*
    Regular expression to use for filtering log file records.
  • IndividualAlerts:  false
    The default behavior of this data source module is to search the UNIX/Linux log file for lines matching a rule, and present all matches as a single alert. If the 'IndividualAlerts' property is set to 'true', then the module will generate an individual alert for each line in the log file that matches the rule.
  • Priority:  1
  • Severity:  1
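To show what the RegExpFilter and IndividualAlerts parameters actually do to a log, here is an added Python example that applies the rule's default filter to a few constructed /var/adm/messages lines and builds alerts both ways. It is not code from the management pack; the sample lines, the host name sol9host, and the stricter alternative pattern STRICT_FILTER (which assumes the Solaris 'su root' failed for USER message wording) are assumptions made for the example.

```python
import re

# Constructed sample /var/adm/messages lines (not captured from a real system).
# The last line is deliberately not an su event: it only contains the
# substrings "su", "root" and "failed" in that order.
SAMPLE_MESSAGES = """\
Mar  3 10:14:02 sol9host su: [ID 810491 auth.crit] 'su root' failed for alice on /dev/pts/2
Mar  3 10:14:30 sol9host su: [ID 366847 auth.notice] 'su root' succeeded for bob on /dev/pts/1
Mar  3 10:15:11 sol9host sshd[1234]: [ID 800047 auth.info] Accepted publickey for carol from 10.0.0.5
Mar  3 10:16:45 sol9host su: [ID 810491 auth.crit] 'su root' failed for alice on /dev/pts/2
Mar  3 10:17:02 sol9host su: [ID 810491 auth.crit] 'su dbadmin' failed for dave on /dev/pts/3
Mar  3 10:18:20 sol9host cron[2201]: [ID 522212 cron.info] superuser job for root failed: /opt/backup/summary.sh exited 1
"""

# Default RegExpFilter from the rule: any line with "su", then "root", then
# "failed", in that order, anywhere on the line.
DEFAULT_FILTER = r".*su.*root.*failed.*"

# A tighter override one could set on RegExpFilter (assumed wording of the
# Solaris su syslog message, hypothetical for this example).
STRICT_FILTER = r"su: .*'su root' failed for"


def match_lines(log_text, pattern=DEFAULT_FILTER):
    """Return the log lines the filter matches, in file order.

    re.search is used so that a pattern without a leading .* still behaves
    like a filter over the whole line, as the default pattern does.
    """
    regex = re.compile(pattern)
    return [line for line in log_text.splitlines() if regex.search(line)]


def build_alerts(matches, individual_alerts=False,
                 host="sol9host", log_file="/var/adm/messages"):
    """Turn matched lines into alert records the way IndividualAlerts describes:
    one alert carrying every match (default), or one alert per match (true).
    """
    base = {
        "message": "Failed SU to Root detected",  # alert text from the rule
        "priority": "Medium",
        "severity": "Warning",
        "host": host,
        "log_file": log_file,
    }
    if not matches:
        return []  # no matches: the rule raises nothing
    if individual_alerts:
        return [dict(base, lines=[line]) for line in matches]
    return [dict(base, lines=list(matches))]


def run_rule(log_text, pattern=DEFAULT_FILTER, individual_alerts=False):
    """Evaluate the rule end to end and return the alerts it would raise."""
    return build_alerts(match_lines(log_text, pattern), individual_alerts)


if __name__ == "__main__":
    for name, pattern in (("default", DEFAULT_FILTER), ("strict", STRICT_FILTER)):
        for individual in (False, True):
            alerts = run_rule(SAMPLE_MESSAGES, pattern, individual)
            print(f"{name:8} IndividualAlerts={individual!s:5} -> {len(alerts)} alert(s)")
            for alert in alerts:
                for line in alert["lines"]:
                    print("    ", line)
```

With the default filter the constructed cron line is reported alongside the two genuine 'su root' failures, which is the price of a pattern built only from ordered substrings; overriding RegExpFilter with a pattern anchored on the su message wording removes it. Leaving IndividualAlerts at false collapses all three matches into one alert, so the alert description, not the alert count, is where the individual lines must be read.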

Run As Profiles

  • Default

Alert Details

  • Message:  Failed SU to Root detected
  • Priority:  Medium
  • Severity:  Warning

Rule Knowledgebase

Summary

A failed 'su' command was detected in the system log files.

Causes

Users may have been granted access to privileged accounts. This monitor allows system administrators to track 'su' usage.

Resolutions

The description of the alert and/or the output data item contains information on the event encountered. If 'su' usage appears suspicious, please check the associated event details and any other events that happened around the time of this event.

External References

This rule does not contain any external references.

See Also for System Center Operations Manager 2007 R2 Cross Platform Management Pack
