https://community.hpe.com/t5/operating-system-hp-ux/syslog-conf-file/m-p/3375272#M196342 Maria,<BR /><BR /> Dont worry about the individual file permissions as long as the parent directory is protected.<BR /><BR /> ls -ld /var/adm/syslog<BR /><BR /> As long as the permissions of /var/adm/syslog is 750 (with root:adm as the ownership), you can even have 777 for syslog.log and other log files. <BR /><BR />-- Sundar. Thu, 09 Sep 2004 19:15:08 GMT Sundar_7 2004-09-09T19:15:08Z https://community.hpe.com/t5/operating-system-hp-ux/syslog-conf-file/m-p/3375262#M196332 hi, ux11i<BR />I am trying to work out the syslog.conf file. From what I understand, the following should mean a /var/adm/syslog/auth.log file is added to whenever an auth.notice type message is issued on the system:<BR /> <BR />auth.notice /var/adm/syslog/auth.log # <BR /><BR />I have reread the conf file and issued an su command from root to another user. Would this not get logged in the /var/adm/syslog/auth.log file?<BR /><BR />Thanks in advance for help..<BR />Maria Thu, 09 Sep 2004 00:19:31 GMT https://community.hpe.com/t5/operating-system-hp-ux/syslog-conf-file/m-p/3375262#M196332 Peter Gillis 2004-09-09T00:19:31Z https://community.hpe.com/t5/operating-system-hp-ux/syslog-conf-file/m-p/3375263#M196333 Hi,<BR />first, i advise you to create the auth.log file, with "better rights" than syslog.log.<BR />Next, try better a su FROM an user, TO root. su from root to an user is not really interresting for authentification.<BR /><BR />Olivier. Thu, 09 Sep 2004 00:33:03 GMT https://community.hpe.com/t5/operating-system-hp-ux/syslog-conf-file/m-p/3375263#M196333 Olivier Decorse 2004-09-09T00:33:03Z https://community.hpe.com/t5/operating-system-hp-ux/syslog-conf-file/m-p/3375264#M196334 Maria,<BR /><BR />Does the /var/adm/syslog/auth.log already exist? If not try to create it.<BR /><BR />Did the attempt still get logged to /var/adm/syslog/syslog.log ?<BR /><BR />Try su from an a normal user to root.<BR /><BR />Regards<BR />Michael Thu, 09 Sep 2004 00:36:33 GMT https://community.hpe.com/t5/operating-system-hp-ux/syslog-conf-file/m-p/3375264#M196334 Michael Tully 2004-09-09T00:36:33Z https://community.hpe.com/t5/operating-system-hp-ux/syslog-conf-file/m-p/3375265#M196335 Hi Maria,<BR /><BR />The level of logging all depends on how the daemon is coded to log the syslog events. If you're looking to capture su usage into a separate file from the syslog.log file, you could use:<BR /><BR />auth.info /var/adm/syslog/auth.log<BR /><BR />This line would instruct syslogd to log any "INFO" level messages from the authentication subsystem to the /var/adm/syslog/auth.log file. By default these messages also get logged to the /var/adm/syslog/syslog.log file, but if you want to capture specific types of messages for a given subsystem you can re-direct them in this manner.<BR /><BR />Again, whether or not you capture the messages your interested in or not depends on how the daemon calls the syslog(3C) function and what level or type of message it logs. In the case of su, it uses INFO level syslog logging, so redirecting INFO level messages to a separate file would capture them. <BR /><BR />Hope this helps,<BR /><BR />Dave Thu, 09 Sep 2004 00:39:46 GMT https://community.hpe.com/t5/operating-system-hp-ux/syslog-conf-file/m-p/3375265#M196335 Dave Olker 2004-09-09T00:39:46Z https://community.hpe.com/t5/operating-system-hp-ux/syslog-conf-file/m-p/3375266#M196336 su log informations are stored as,<BR /><BR />auth.info not as auth.notice<BR /><BR /> edit /etc/syslog.conf file as,<BR />-----------<BR /><BR />auth.info /var/adm/syslog/auth.log<BR />*.info, ....<BR /><BR />Note: No need to create the auth.log file.<BR /><BR />Restart the syslogd as <BR /><BR />kill the old syslogd ( ps -ef to get or syslog.pid )<BR /><BR />/usr/sbin/syslogd -D<BR /><BR />Try su log here and<BR />If you see the /var/adm/syslog/auth.log file , it contains all entries.<BR /> <BR /><BR /> Thu, 09 Sep 2004 00:56:45 GMT https://community.hpe.com/t5/operating-system-hp-ux/syslog-conf-file/m-p/3375266#M196336 Muthukumar_5 2004-09-09T00:56:45Z https://community.hpe.com/t5/operating-system-hp-ux/syslog-conf-file/m-p/3375267#M196337 thanks all. <BR />changing the notice to info appears to have done the trick. Olivier, what did you mean about better permissions than syslo.log??<BR /><BR />Regards,<BR />Maria Mon, 16 Sep 2024 09:11:57 GMT https://community.hpe.com/t5/operating-system-hp-ux/syslog-conf-file/m-p/3375267#M196337 Peter Gillis 2024-09-16T09:11:57Z https://community.hpe.com/t5/operating-system-hp-ux/syslog-conf-file/m-p/3375268#M196338 Don't worry about permission of auth.log file. It will be with 444 and root / root user group.<BR /><BR />Don't create the file, the file will be automatically created at /var/adm/syslog/ location.<BR /><BR />syslog.log will be 644 and but auth.log will be 444 Thu, 09 Sep 2004 01:25:25 GMT https://community.hpe.com/t5/operating-system-hp-ux/syslog-conf-file/m-p/3375268#M196338 Muthukumar_5 2004-09-09T01:25:25Z https://community.hpe.com/t5/operating-system-hp-ux/syslog-conf-file/m-p/3375269#M196339 Thanks Muthukumar, so what permissions should the other log files be...444 root:root ? I didnt manually create the files, as I noticed that they automatically created when restarted syslogd pid.<BR />Regards,<BR />Maria Thu, 09 Sep 2004 18:09:25 GMT https://community.hpe.com/t5/operating-system-hp-ux/syslog-conf-file/m-p/3375269#M196339 Peter Gillis 2004-09-09T18:09:25Z https://community.hpe.com/t5/operating-system-hp-ux/syslog-conf-file/m-p/3375270#M196340 Hi Maria,<BR /><BR />What other log files are you referring to? Can you do an ll of /var/adm/syslog and tell us which log files you're concerned about? Also include a copy of your /etc/syslog.conf file so that we can see which log files are automatically built by syslogd.<BR /><BR />Thanks,<BR /><BR />Dave Thu, 09 Sep 2004 18:40:40 GMT https://community.hpe.com/t5/operating-system-hp-ux/syslog-conf-file/m-p/3375270#M196340 Dave Olker 2004-09-09T18:40:40Z https://community.hpe.com/t5/operating-system-hp-ux/syslog-conf-file/m-p/3375271#M196341 HI Dave,<BR /><BR />auth.log <BR />lpd-errs <BR />mail.log <BR />mesgs.log <BR />syslog.log <BR />xferlog <BR /><BR />are the other log files I have in there.<BR />Thanks, Maria Thu, 09 Sep 2004 19:05:43 GMT https://community.hpe.com/t5/operating-system-hp-ux/syslog-conf-file/m-p/3375271#M196341 Peter Gillis 2004-09-09T19:05:43Z https://community.hpe.com/t5/operating-system-hp-ux/syslog-conf-file/m-p/3375272#M196342 Maria,<BR /><BR /> Dont worry about the individual file permissions as long as the parent directory is protected.<BR /><BR /> ls -ld /var/adm/syslog<BR /><BR /> As long as the permissions of /var/adm/syslog is 750 (with root:adm as the ownership), you can even have 777 for syslog.log and other log files. <BR /><BR />-- Sundar. Thu, 09 Sep 2004 19:15:08 GMT https://community.hpe.com/t5/operating-system-hp-ux/syslog-conf-file/m-p/3375272#M196342 Sundar_7 2004-09-09T19:15:08Z