
Log Files

 
AL_3001
Regular Advisor

Log Files

Gurus,

A simple question, but at times it gets tricky.

I do not have root access on the server, but need to check for login failure (switch user failure). As I cannot view the sulog file, which requires root access, I used to check the syslog file.

The situation is, the syslog file is zipped and I cannot unzip it as a normal user.

Which other files contain login failure info?

Thanks.

Regards,
Ashish
8 REPLIES 8
Suraj K Sankari
Honored Contributor

Re: Log Files

hi,
login failure ?
try "lastb"

suraj
Jozef_Novak
Respected Contributor

Re: Log Files

No possibility to install sudo in order to get temporary root access?

J.
Ganesan R
Honored Contributor

Re: Log Files

Hi Ashish,

Normally /var/adm/btmp contains all the bad logins which can be read by lastb command.

You need to check only the syslog file to know the switch user failures.
Best wishes,

Ganesh.
AL_3001
Regular Advisor

Re: Log Files

>> Suraj -> lastb requires root login

>> Jozef_Novak -> I am just a little curious, will get root access soon. Still would want to know the other locations, if any.

>> Ganesan -> btmp file cannot be read as it requires root login
Bill Hassell
Honored Contributor

Re: Log Files

The failed login information is stored in only one location: /var/adm/btmp and is a binary file. However, it is a security risk to set the permissions of this file to anything more open than 600. This file contains mistakes and some of them contain plain-text passwords because the user was not paying attention. The sulog has the same restrictions and should remain restricted to root only.


Bill Hassell, sysadmin
Dennis Handly
Acclaimed Contributor

Re: Log Files

>syslog file is zipped and i cannot unzip as a normal user.

If you can read the file you can unzip it elsewhere.
Viktor Balogh
Honored Contributor
Solution

Re: Log Files

hi,

Dennis is right. If you can read the file you can unzip it too. I recommend gzcat for reading gzipped files...
****
Unix operates with beer.
AL_3001
Regular Advisor

Re: Log Files

Viktor,

gzcat is correct. Thanks, it gives me my answer.

Thank You to all for their valuable inputs.

Cheers.
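
The approach the thread settles on, as an added example that is not part of any post: stream a readable gzipped syslog copy to stdout (`gzip -dc`, the same operation as gzcat) and count failed su attempts without writing anything beside the log. The su record layout, the function names and the sample lines are assumptions constructed for illustration; adjust the pattern to the lines your syslog actually contains.

```shell
#!/bin/sh
# Count failed su attempts in a gzip-compressed syslog file that the caller
# can read but not modify. Nothing is written in the log's own directory.
# Assumed record layout (an assumption, not taken from the thread):
#   Mon DD HH:MM:SS host su: - tty from-to    ("-" = failure, "+" = success)

su_failures() {
    # $1: path to the compressed log
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 1; }
    # gzip -dc decompresses to stdout only; the original file is untouched
    gzip -dc < "$1" | awk '
        {
            # locate the "su:" tag, then require the failure marker "-"
            for (i = 1; i <= NF - 3; i++)
                if ($i == "su:" && $(i + 1) == "-") {
                    count[$(i + 3)]++      # key is the from-to user pair
                    break
                }
        }
        END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2,2
}

# Build a small gzipped log in a private temp directory (constructed data).
make_sample() {
    dir=$(mktemp -d) || return 1
    cat <<'EOF' | gzip -c > "$dir/sample_syslog.gz"
Jan 12 09:14:02 hosta su: - ttyp1 ashish-root
Jan 12 09:14:40 hosta su: + ttyp1 ashish-root
Jan 12 10:02:11 hosta su: - ttyp3 guest-oracle
Jan 12 10:05:59 hosta sshd[2112]: Accepted password for ashish
Jan 12 11:30:07 hosta su: - ttyp1 ashish-root
EOF
    echo "$dir/sample_syslog.gz"
}

# Stand-alone use: pass the path of a compressed log as the first argument.
if [ "$#" -gt 0 ]; then
    su_failures "$1"
fi
```
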