
script help

 
KPS
Super Advisor

script help

Hi Gurus,

Looking for a script to do the following:

I'd like to be able to go through the syslog and capture when any user does an
su - klxprod.

I'd also like to be able to put the output of the above SU activity in the following field format if at all possible, like the following 2 examples.

SU 07/23 22:01 + tty?? root-klxprod
SU 07/20 09:14 + ta jsmith-klxprod John Smith


Can someone please help?

-KPS
5 REPLIES 5
Rajeev  Shukla
Honored Contributor

Re: script help

Hi Ken,
I don't understand why you have to go through the syslog to get the entries of people doing su - when you already have a logfile recording all these.
Have a look at the /var/adm/sulog file; it will have all entries in the format you like.
Ranjith_5
Honored Contributor

Re: script help

/var/adm/sulog is already logging in the su sessions for all users.

# grep klxprod /var/adm/sulog > /tmp/sulist.txt

The above will give you su information related to the user klxprod.

Regards,
Syam
Muthukumar_5
Honored Contributor
Solution

Re: script help

You can do it as,

Change sulog file permission as,

1. chmod 644 /var/adm/sulog

Change syslog.conf configuration as,

/etc/syslog.conf
*.auth /var/adm/syslog/syslog.log

Restart syslog daemon as,

/sbin/init.d/syslogd stop
/sbin/init.d/syslogd start

In Home Directory of klmprod,

1. vi .profile
(tail -1 /var/adm/sulog
grep 'klmprod' /var/adm/syslog/syslog.log | tail -1) >> klmprod.log

For every login to klmprod with su, login information from syslog.log and sulog will be stored in the klmprod.log file.

hth.
Easy to suggest when don't know about the problem!
Ernesto Cappello
Trusted Contributor

Re: script help

Hi Ken, look at this:

more /var/adm/sulog | grep klxprod

Regards, Ernesto.
KPS
Super Advisor

Re: script help

Thanks everyone, I'm aware of the sulog being the best fit for getting this info in /var/adm, but there were some unique reasons here why I can't use it that would take me too long to explain.

We have some ideas however on how we'll proceed and thanks to you all....
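
An added example, not part of the original thread or any poster's code: one way to produce the format requested in the question directly from syslog, matching the target account exactly instead of by substring as a plain grep does. It assumes su events are logged as `Mon DD HH:MM:SS host su: <+|-> <tty> <from>-<to>`; the names `su_report` and `sample_syslog`, the optional passwd-file argument, and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Usage: su_report TARGET [PASSWD_FILE] < /var/adm/syslog/syslog.log
# Assumed syslog layout (check it against your own syslog.log first):
#   Mon DD HH:MM:SS host su: <+|-> <tty> <from>-<to>
su_report() {
    awk -v target="$1" -v pwfile="${2:-/etc/passwd}" '
    BEGIN {
        n = split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", m, " ")
        for (i = 1; i <= n; i++) mon[m[i]] = i
        # Login name -> full name, taken from the GECOS field up to the first comma.
        while ((getline line < pwfile) > 0) {
            split(line, f, ":")
            sub(/,.*/, "", f[5])
            gecos[f[1]] = f[5]
        }
        suffix = "-" target
    }
    $5 == "su:" && ($6 == "+" || $6 == "-") && ($1 in mon) {
        # Exact match on the target account: the from-to field must END in
        # "-TARGET", so "klxprod2" or a host named klxprod is not reported.
        cut = length($8) - length(suffix)
        if (cut < 1 || substr($8, cut + 1) != suffix) next
        name = gecos[substr($8, 1, cut)]
        printf "SU %02d/%02d %s %s %s %s%s\n", mon[$1], $2, substr($3, 1, 5),
               $6, $7, $8, (name == "" ? "" : " " name)
    }'
}

# Constructed sample input, in the assumed layout above.
sample_syslog() {
    cat <<'EOF'
Jul 20 09:14:02 host1 su: + ta jsmith-klxprod
Jul 20 09:15:40 host1 su: + ta jsmith-klxprod2
Jul 21 11:30:00 host1 sshd[412]: Accepted password for klxprod
Jul 23 22:01:17 host1 su: + tty?? root-klxprod
Jul 23 22:05:09 host1 su: - pts/1 guest-klxprod
EOF
}
```

Failed attempts (the `-` flag) are reported alongside successful ones, since repeated failures against a shared production account are usually the entries worth reviewing first.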