https://community.hpe.com/t5/operating-system-hp-ux/user-authentication/m-p/2985043#M123097 How can i trace users login attempts and any unauthorised attempts made to access the server. I must be able to monitor IP address with time stamp of the client system who is trying to log in. How do i configure and what is the procedure for the same? Fri, 30 May 2003 09:03:21 GMT Bharat Katkar 2003-05-30T09:03:21Z https://community.hpe.com/t5/operating-system-hp-ux/user-authentication/m-p/2985043#M123097 How can i trace users login attempts and any unauthorised attempts made to access the server. I must be able to monitor IP address with time stamp of the client system who is trying to log in. How do i configure and what is the procedure for the same? Fri, 30 May 2003 09:03:21 GMT https://community.hpe.com/t5/operating-system-hp-ux/user-authentication/m-p/2985043#M123097 Bharat Katkar 2003-05-30T09:03:21Z https://community.hpe.com/t5/operating-system-hp-ux/user-authentication/m-p/2985044#M123098 Hi<BR /><BR />Last, last -b see man last also check sulog<BR /><BR />Paula Fri, 30 May 2003 09:07:19 GMT https://community.hpe.com/t5/operating-system-hp-ux/user-authentication/m-p/2985044#M123098 Paula J Frazer-Campbell 2003-05-30T09:07:19Z https://community.hpe.com/t5/operating-system-hp-ux/user-authentication/m-p/2985045#M123099 Hi,<BR />to have full tracing and auditing you must trust your system, but this can have side effects.<BR /><BR /><BR />If you just want to monitor:<BR /><BR />from man 1m login:<BR /><BR /> /var/adm/btmp History of bad login attempts<BR /> /var/adm/wtmp History of logins, logouts, and date changes<BR /><BR />you can query this file with the "last" command<BR /><BR /><BR />Other information can be found in the /var/adm/syslog/syslog.log.<BR /><BR />In the end, you can trace remote connetion modifying the /etc/inetd.conf enabling the loggin options for each program.<BR /><BR />For the exact option, i suggest a good "man program", i don't know them all.<BR /><BR /><BR />HTH,<BR /> Massimo<BR /><BR /> Fri, 30 May 2003 09:10:20 GMT https://community.hpe.com/t5/operating-system-hp-ux/user-authentication/m-p/2985045#M123099 Massimo Bianchi 2003-05-30T09:10:20Z https://community.hpe.com/t5/operating-system-hp-ux/user-authentication/m-p/2985046#M123100 Hi,<BR /><BR />#last -R<BR />#lastb -R<BR /><BR />should help you<BR /> Fri, 30 May 2003 09:28:48 GMT https://community.hpe.com/t5/operating-system-hp-ux/user-authentication/m-p/2985046#M123100 Bala_11 2003-05-30T09:28:48Z https://community.hpe.com/t5/operating-system-hp-ux/user-authentication/m-p/2985047#M123101 <BR />If you want an off-line trace you can use last/lastb -R.<BR /><BR />If you want an on-line trace with active alarms of intrusions you should install IDS/9000 from HP which comes for free from <BR /><BR /><A href="http://www.software.hp.com" target="_blank">www.software.hp.com</A><BR /><BR />Regards<BR />Rainer<BR /> Fri, 30 May 2003 11:16:29 GMT https://community.hpe.com/t5/operating-system-hp-ux/user-authentication/m-p/2985047#M123101 Rainer von Bongartz 2003-05-30T11:16:29Z