HPE Community
Operating System - HP-UX
1754888 Members
3938 Online
108827 Solutions
New Discussion юеВ

Re: How to get syslogging of logins?

 
SOLVED
Go to solution
Lev Assinovsky
Frequent Advisor

тАО09-21-2004 11:52 PM

тАО09-21-2004 11:52 PM

How to get syslogging of logins?

Hi All!
I found that in HP-UX 11.00 among the system utilities, using login only 'ftpd' and 'su' logs something
(user, host, etc) into syslog. rlogin, telnet
don't log anything. Is there any way to get
at least user name into syslog from telnet?
Thanks.
0 Kudos
Reply
19 REPLIES 19
Pete Randall
Outstanding Contributor

тАО09-22-2004 12:01 AM

тАО09-22-2004 12:01 AM

Re: How to get syslogging of logins?

Your telnet logins get recorded in /var/adm/wtmp and are viewable via the "last" command.


Pete

Pete
0 Kudos
Reply
Victor BERRIDGE
Honored Contributor

тАО09-22-2004 12:01 AM

тАО09-22-2004 12:01 AM

Re: How to get syslogging of logins?

Hi,
There are a few logs... /var/adm/sulog wtmp,/etc/utmp etc...
for extra configuration of syslog do a ma syslogd

All the best
Victor
0 Kudos
Reply
Lev Assinovsky
Frequent Advisor

тАО09-22-2004 12:10 AM

тАО09-22-2004 12:10 AM

Re: How to get syslogging of logins?

Thanks for your response!
I gather syslog data reading /dev/log.
/etc/wtmp is populated another way then
syslogd.
0 Kudos
Reply
Pete Randall
Outstanding Contributor

тАО09-22-2004 12:16 AM

тАО09-22-2004 12:16 AM

Re: How to get syslogging of logins?

Lev,

OK, you want this data in syslog as well. I think the entry "auth.info /var/adm/syslog/syslog.log" in /etc/syslog.conf would do what you wish. The issue "kill -HUP `cat /var/run/syslog.pid`".


Pete

Pete
0 Kudos
Reply
Lev Assinovsky
Frequent Advisor

тАО09-22-2004 12:24 AM

тАО09-22-2004 12:24 AM

Re: How to get syslogging of logins?

auth.info doesn't turn on telnetd logging.
Thanks anyway!
0 Kudos
Reply
Muthukumar_5
Honored Contributor

тАО09-22-2004 12:31 AM

тАО09-22-2004 12:31 AM

Re: How to get syslogging of logins?

auth.info will be su login. To manage telnet / rlogin we have to for utmp log file only there.

Try to audit utmp file with last command and redirect into /var/adm/syslog/logininfo.log file like that with a simple script and do it simulation with cron job,s there.

Else there is another way using profile file as,

on /etc/profile make a script line as,

if [[ $(ps -ef | grep -q "telnet") || $(ps -ef | grep -q "rlogin") ]]
then

echo "$LOGNAME is using telnet at $(date)" >> /var/adm/syslog/logininfo.log

fi

HTH.
Easy to suggest when don't know about the problem!
0 Kudos
Reply
Muthukumar_5
Honored Contributor

тАО09-22-2004 12:32 AM

тАО09-22-2004 12:32 AM

Re: How to get syslogging of logins?

sorry. ps -ef will give ALL process. To get that user process then use ps only .. and do script as,

if [[ $(ps | grep -q "telnet") || $(ps | grep -q "rlogin") ]]
then

echo "$LOGNAME is using telnet at $(date)" >> /var/adm/syslog/logininfo.log

# You can add some more messages here

fi
Easy to suggest when don't know about the problem!
0 Kudos
Reply
Lev Assinovsky
Frequent Advisor

тАО09-22-2004 12:56 AM

тАО09-22-2004 12:56 AM

Re: How to get syslogging of logins?

I believe you meant rlogind and telnetd.
But they run under root.
0 Kudos
Reply
Muthukumar_5
Honored Contributor

тАО09-22-2004 01:09 AM

тАО09-22-2004 01:09 AM

Re: How to get syslogging of logins?

We can use /etc/profile for this to accomplish to get the user informations / login time / some more login informaion's.

Every login ( except cde login ) will use /etc/profile to set login informations there. We can use that login profile file to log login service informations there.

We can get the process information's of that current user with execution of ps (without any option there).

Check it by putting the following on your /etc/profile file as,


---- /etc/profile -----

# Login service logging
if [[ $(ps | grep -q "telnet") -eq 0 ]]
then

echo "$LOGNAME logs with service telnet at $(date) .. some more informations there" >> /var/adm/syslog/logininfo.log

elif [[ $( ps | grep -q "rlogin") -eq 0 ]]
then

echo "$LOGNAME logs with service rlogind at $(date) .. some more informations there" >> /var/adm/syslog/logininfo.log

fi

Check with normal user, root by login with telnet and rlogin service now. /var/adm/syslog/logininfo.log contain's entry for that.




Easy to suggest when don't know about the problem!
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.