Configuring syslog.conf to put all login successes/failures in syslog.log

Dan Pearce · ‎08-27-2008

I've seen several threads here on itrc about adding lines to /etc/syslog.conf file which will gather all successful and failed logins and add them to syslog.log.

I have an HP-UX 11i v1 box that I'm trying to configure this for and several threads said to add:

auth.debug /var/adm/syslog/syslog.log
user.info /var/adm/syslog/syslog.log
auth.* /var/adm/syslog/syslog.log
user.debug /var/adm/syslog/syslog.log
*.debug /var/adm/syslog/syslog.log

(they are tabs, not spaces)

I have tried individually adding the suggested lines above to my existing syslog.conf (here is the current syslog.conf):

mail.debug /var/adm/syslog/mail.log
*.info;mail.none /var/adm/syslog/syslog.log
*.alert /dev/console
*.alert root
*.emerg *

and stopped/restarted syslogd and yet I still can't get any logins logged to syslog.

Does anyone have any suggestions?

Any assistance would be greatly appreciated.

Thank you,
Dan

Michael Steele_2 · ‎08-27-2008

These are already kept in wtmp, etc. Read man page on last and lastb.

Support Fatherhood - Stop Family Law

Steven E. Protter · ‎08-27-2008

Shalom,

inetd -l will give you some additional information. I like the last/lastb command output myself.

SEP

Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com

Dan Pearce · ‎08-27-2008

So, the login information cannot be placed in syslog.log? There is a push here to store the syslog.log with all of this information in it to a centralized log server - which I know can be done with syslog.conf but I still don't know how to dump the successful and failed logins to syslog.

Any ideas?

Thanks,
Dan

Tim Nelson · ‎08-27-2008

I believe telnet is the only issue.

Rid yourself of telnet and use ssh. Success and fails for ssh are logged in syslog.log.

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Configuring syslog.conf to put all login successes/failures in syslog.log

Configuring syslog.conf to put all login successes/failures in syslog.log

Re: Configuring syslog.conf to put all login successes/failures in syslog.log

Re: Configuring syslog.conf to put all login successes/failures in syslog.log

Re: Configuring syslog.conf to put all login successes/failures in syslog.log

Re: Configuring syslog.conf to put all login successes/failures in syslog.log