Re: adminlog

Ali,

Did you add an appropriate entry to /etc/syslog.conf and restart the syslog service?

auth.debug                      /var/adm/loglog

Add it to the bottom of your /etc/syslog.conf, touch the file in /var/adm, restart syslogd.

If you only want failed logins in this separate file, use auth.crit instead of auth.debug. Also keep in mind that * is not a wildcard for severity, it represents all facilities (except mark).

You probably have a *.debug pointed to /var/adm/messages already which will catch everything, make sure not to alter that. You always want to log all system events especially access attempts..

Hello,

I created `/var/adm/loginlog` as root to capture failed logins with permission 600. (Solaris 9)
I changed group owner to `sys`. However when I try to make failed login attempts, I can not get any log
into `/var/adm/loginlog`.
Can anyone help me about this?

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Thanks in advance,
Ali Received on Mon Jan 20 18:33:20 2003