HPE Community read-only access December 15, 2018
This is a maintenance upgrade. You will be able to read articles and posts, but not post or reply.
Hours:
Dec 15, 4:00 am to 10:00 am UTC
Dec 14, 10:00 pm CST to Dec 15, 4:00 am CST
Dec 14, 8:00 pm PST to Dec 15, 2:00 am PST
System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

event log for user/group creation and deletion

 
hnk
Occasional Contributor

event log for user/group creation and deletion

hi,

would like to get log entry in /var/adm/syslog/syslog.log if any new user/group is created/modified oruser/group is deleted.

Thanks,
Mike
3 REPLIES

Re: event log for user/group creation and deletion

What HP-UX version are you using?
You'll have to turn on auditing and that won't log to syslog.log.

What type of "modifications" are you interested in?
Bill Hassell
Honored Contributor

Re: event log for user/group creation and deletion

There are several ways to add/modify/delete a user or a group. Other than sam logs (assuming you use sam), there is nothing in syslog from the useradd, usermod, and userdel commands. And there is nothing to prevent a root user from editing /etc/group and /etc/passwd with vi.

It sounds like you need to stop using a root login and run sudo instead. I would also create a user-maintenance script that will provide add/modify/delete capability but also log the events into syslog.log using the logger command.


Bill Hassell, sysadmin
hnk
Occasional Contributor

Re: event log for user/group creation and deletion

Thanks for guidelines. following are more details

my OS is hpux 11i v2 and i can perform any modification on a test server.

We are sending the log of the server to an off-site place so would like to generate log messages in syslog if any user or grroup account is created/modified or removed.