
tracing login, logout to remote syslogd daemon

 
RiclyLeRoy
Frequent Advisor

I have a Unix server with HP-UX B.11.00 and I'm going to trace every login and every logout of this system, and send these logs to
the remote syslogd daemon of another server (Fedora Core 3).
This Fedora server is the central log server which will receive logs from remote systems.
What do you suggest I configure on HP-UX to track these logins and logouts to the remote syslogd?
Michael Steele_2
Honored Contributor

Re: tracing login, logout to remote syslogd daemon

Hi


This is done automatically for you by the wtmp file, last and lastb commands.
Support Fatherhood - Stop Family Law
Johnson Punniyalingam
Honored Contributor

Re: tracing login, logout to remote syslogd daemon

As mentioned above, all logins and logouts are traced by wtmp and the last command.

A couple of choices:

You can write a script to copy /sftp to your centralized log server

or enable Auditing -> and sftp the audit log to the centralized log server
Problems are common to all, but attitude makes the difference
Michael Steele_2
Honored Contributor

Re: tracing login, logout to remote syslogd daemon

Hi

sftp is found within the ssh download and is not basic to HP-UX. Nor do I see the relevance here.
Support Fatherhood - Stop Family Law
Vishu
Trusted Contributor

Re: tracing login, logout to remote syslogd daemon

Hi,

/var/adm/wtmp contains all your login and logout details. You can use the 'last' command to get those details, whereas the 'lastb' command will give you only bad login information.

You can ftp those details across to your central server.
Michael Steele_2
Honored Contributor

Re: tracing login, logout to remote syslogd daemon

Hi

Rethought this a bit tonight. This is Fedora that you're using, so like HP-UX there is a 'logger' command which writes to syslog.log.

last > file
ftp file fedora:/file
cat fedora:/file | logger

Support Fatherhood - Stop Family Law
RiclyLeRoy
Frequent Advisor

Re: tracing login, logout to remote syslogd daemon

I know both the last and lastb commands, but the format of the wtmp file is specific; it's not a text file, so only the "last" command can interpret its content.
My goal is to register every login and logout event on my Fedora log server, where the syslogd daemon receives them on port 514 from remote machines.

1 - Is the sftp command the only way to send events? Could I use HP-UX syslog to send events to the central log server?
I was interested in sending the HP-UX log directly to the remote syslog, but I can understand it's not possible.

2 - Once I move the log file to the central server, can I route it to syslog with "cat log file" | logger ?
Michael Steele_2
Honored Contributor

Re: tracing login, logout to remote syslogd daemon

Hi

If you have syslogd already remotely set up to log into the Fedora server, then

last | logger

... will update both the local and the remote fedora syslog.log.
Support Fatherhood - Stop Family Law
Michael Steele_2
Honored Contributor

Re: tracing login, logout to remote syslogd daemon

Ricky

Just write a daily cron that captures today's logins from the last command and pipes it into logger.

If you're looking for a way to get real-time updates, then refer to the internals of wtmp.
Support Fatherhood - Stop Family Law
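
The cron idea from the post above, as an added example that is not part of the original thread: it forwards only `last` lines that have not been sent before, so each run adds new logins and completed sessions instead of replaying the whole history. The state-file path, tag, priority and the `loghost` name are assumptions.

```shell
#!/bin/sh
# Assumes /etc/syslog.conf on the HP-UX host forwards the chosen facility, e.g.
#   auth.info<TAB>@loghost     (loghost = placeholder for the Fedora server)
# and that the Fedora syslogd accepts remote messages (started with -r).
STATE=${STATE:-/var/adm/last.sent}   # hypothetical path: lines already forwarded
PRIORITY=${PRIORITY:-auth.info}      # facility.level matched in syslog.conf
TAG=${TAG:-wtmp}                     # hypothetical tag for the central log

# new_events SNAPSHOT STATE: print lines of SNAPSHOT (saved `last` output)
# not yet in STATE, then add them to STATE. A session appears twice over its
# life: as "still logged in" (login) and later with its logout time.
new_events() {
    snap=$1 state=$2
    [ -f "$state" ] || : > "$state"
    grep -v -e '^$' -e '^wtmp begins' "$snap" | sort -u > "$state.new"
    sort -u "$state" > "$state.old"
    comm -13 "$state.old" "$state.new" > "$state.diff"
    cat "$state.diff"
    sort -u "$state.old" "$state.diff" > "$state"
    rm -f "$state.new" "$state.old" "$state.diff"
}

# forward_events: hand each line on stdin to syslogd as one message.
forward_events() {
    while IFS= read -r line; do
        logger -p "$PRIORITY" -t "$TAG" "$line"
    done
}

# cron entry calls this script with the argument "run".
if [ "${1:-}" = "run" ]; then
    last > "$STATE.snap"
    new_events "$STATE.snap" "$STATE" | forward_events
    rm -f "$STATE.snap"
fi

# "demo" prints what would be forwarded for one constructed `last` line.
if [ "${1:-}" = "demo" ]; then
    d=${TMPDIR:-/tmp}/lastdemo.$$; mkdir "$d"
    printf '%s\n' 'alice  pts/0  Mon Mar  3 09:12   still logged in' > "$d/snap"
    new_events "$d/snap" "$d/state"; rm -rf "$d"
fi
```

The first run forwards everything currently in wtmp; later runs forward only the differences.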
Johnson Punniyalingam
Honored Contributor

Re: tracing login, logout to remote syslogd daemon

>>>1 - Is the sftp command the only way to send events? Could I use HP-UX syslog to send events to the central log server?
I was interested in sending the HP-UX log directly to the remote syslog, but I can understand it's not possible.<<<<<

Yes, it's possible.
Events referring to system events (syslog)?

if I am not you can redirect syslog to your centralized server, by editing the syslog.conf

Check the thread below:

http://forums13.itrc.hp.com/service/forums/questionanswer.do?threadId=1370494


Problems are common to all, but attitude makes the difference