https://community.hpe.com/t5/operating-system-linux/script-help/m-p/4918848#M104161 Thanks everyone, I'm aware of the sulog being the best fit for getting this info in /var/adm, but there were some unique reasons here why I can't use it that would take me too long too explain. <BR /><BR />We have some ideas however on how we'll proceed and thanks to you all.... Wed, 17 Aug 2005 07:49:06 GMT KPS 2005-08-17T07:49:06Z https://community.hpe.com/t5/operating-system-linux/script-help/m-p/4918843#M104156 Hi Gurus,<BR /><BR />Looking a script to do the following:<BR /><BR />I'd like to be able to go through the syslog and capture when anyone user does an <BR />su - klxprod. <BR /><BR />I'd also like to to be able to put the output of the above SU activity within the the following field format if at all possible, like the following 2 examples. <BR /><BR />SU 07/23 22:01 + tty?? root-klxprod<BR />SU 07/20 09:14 + ta jsmith-klxprod John Smith<BR /><BR /><BR />Can someone please help?<BR /><BR />-KPS Tue, 16 Aug 2005 20:03:07 GMT https://community.hpe.com/t5/operating-system-linux/script-help/m-p/4918843#M104156 KPS 2005-08-16T20:03:07Z https://community.hpe.com/t5/operating-system-linux/script-help/m-p/4918844#M104157 Hi Ken,<BR />I dont understand why you have to go through the syslog to get the entries of people doing su - where you already have a logfile recording all these<BR />Have a look at /var/adm/sulog file that will have all entries in the format you like. Tue, 16 Aug 2005 20:10:29 GMT https://community.hpe.com/t5/operating-system-linux/script-help/m-p/4918844#M104157 Rajeev Shukla 2005-08-16T20:10:29Z https://community.hpe.com/t5/operating-system-linux/script-help/m-p/4918845#M104158 /var/adm/sulog is already logging in the su sessions for all users. <BR /><BR />#grep klxprod /var/adm/sulog&gt;/tmp/sulist.txt<BR /><BR />the above will give you su information related to the user klxprod.<BR /><BR />Regards,<BR />Syam<BR /> Tue, 16 Aug 2005 20:33:12 GMT https://community.hpe.com/t5/operating-system-linux/script-help/m-p/4918845#M104158 Ranjith_5 2005-08-16T20:33:12Z https://community.hpe.com/t5/operating-system-linux/script-help/m-p/4918846#M104159 You can do it as,<BR /><BR />Change sulog file permission as,<BR /><BR /> 1. chmod 644 /var/adm/sulog<BR /><BR />Change syslog.conf configuration as,<BR /><BR /> /etc/syslog.conf<BR /> *.auth /var/adm/syslog/syslog.log<BR /><BR />Restart syslog daemon as,<BR /><BR />/sbin/init.d/syslogd stop<BR />/sbin/init.d/syslogd start<BR /><BR />In Home Directory of klmprod,<BR /><BR /> 1. vi .profile<BR /> (tail -1 /var/adm/sulog<BR /> grep 'klmprod' /var/adm/syslog/syslog.conf | tail -1) &gt;&gt; klmprod.log<BR /><BR />For every login to klmprod with su login informations from syslog.log and sulog will be stored in klmprod.log file.<BR /><BR />hth.<BR /> Wed, 17 Aug 2005 01:30:01 GMT https://community.hpe.com/t5/operating-system-linux/script-help/m-p/4918846#M104159 Muthukumar_5 2005-08-17T01:30:01Z https://community.hpe.com/t5/operating-system-linux/script-help/m-p/4918847#M104160 Hi Ken looks that:<BR /><BR />more /var/adm/sulog | grep klxprod<BR /><BR />Regards, Ernesto.<BR /> Wed, 17 Aug 2005 02:19:31 GMT https://community.hpe.com/t5/operating-system-linux/script-help/m-p/4918847#M104160 Ernesto Cappello 2005-08-17T02:19:31Z https://community.hpe.com/t5/operating-system-linux/script-help/m-p/4918848#M104161 Thanks everyone, I'm aware of the sulog being the best fit for getting this info in /var/adm, but there were some unique reasons here why I can't use it that would take me too long too explain. <BR /><BR />We have some ideas however on how we'll proceed and thanks to you all.... Wed, 17 Aug 2005 07:49:06 GMT https://community.hpe.com/t5/operating-system-linux/script-help/m-p/4918848#M104161 KPS 2005-08-17T07:49:06Z