/usr/lbin/getprpw userid should give you the last password change in spwchg field.

Cheers!
Anshu

if you need to keep all these logs ..better to go for auditing after converting your machine to trusted one.

read this document about "trusted systems"

& looks at enabling auditing on HP-UX machines

http://docstore.mik.ua/manuals/hp-ux/en/5992-3387/ch10s02.html#v817608

In order to enable auditing on those systems you need to be in trusted mode.

1. Convert the system to trusted mode (in sam)
2. Sam -> auditing

SAM -> Auditing and Security -> Any of Auditing events, users or system calls option and you will see on the top Auditing Turned : OFF or a ON depending on the status.
You can enable from Actions - TURN AUDITING ON

Also you need to select which events, users and system calls you want to get audited and make sure you have enough space in the selected audit log directory or filesystem.

Hi,

The system call you are looking for is probably getevent(2) as it captures events and system calls that are being audited. However, it is at the verge of obsolescense. All of this depends on a lot of things. Auditing can be configured by enabling trusted system and also with the SMSE database.

Check man 2 getevent!

Regards
Ismail Azad