HPE Community
Operating System - HP-UX
1837076 Members
2386 Online
110112 Solutions
New Discussion

Modem Logs

 
Judy Halter
Occasional Advisor

‎11-24-2004 01:15 AM

‎11-24-2004 01:15 AM

Modem Logs

I have inherited the UNIX system admin duties (my background is Oracle databases and my UNIX knowledge has been on a need-to-know basis). I have located the modem that has been connected to my server and unplugged it, so I believe no one can connect now except through our internal network. I'm trying to locate any 'modem' logs on the UNIX server - so I can review any dial-in activity. I'm overwhelmed by the amount of information on HP's site and have tried several searches in the knowledge tree to no avail. Can someone tell me where to find these logs?

Judy H.
0 Kudos
Reply
3 REPLIES 3
Steven E. Protter
Exalted Contributor

‎11-24-2004 01:20 AM

‎11-24-2004 01:20 AM

Re: Modem Logs

As far as I know there are no seperate modem logs. Connection logging occurs in /var/adm/syslog/syslog.log

Its possible to possibly configure /etc/syslog.conf to split this data out but I doubt thats been done.

A phone dump would be more efficient in obtaining the information you desire.

The last commmand shows all logins and you may be able to filter based on tty type, which is different for modem connects. Same for lastb which shows bad login attempts.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Judy Halter
Occasional Advisor

‎11-24-2004 01:41 AM

‎11-24-2004 01:41 AM

Re: Modem Logs

Thanks for your help. The syslog.log doesn't show anything. The last command (thank you sooo much - this one is great!) is showing things like:

root pts/tb date/time

which I believe may be the modem connects? If so can I assume that all pts/tb were modem connections? Other values I see here are pts/ta, pts/tc pts/td - I looked at the first 300 lines for these - there may be others. Is this what you mean by tty type?

I know my 'newbie' is definately showing here.


Judy H
0 Kudos
Reply
Matti_Kurkela
Honored Contributor

‎11-24-2004 09:42 PM

‎11-24-2004 09:42 PM

Re: Modem Logs

As you guessed, the "tty type" (actually a shorthand of the device name used in logging in) is the second field in the output of the "last" command.

If the type is of the form "pts/??" (or "pts/?", ? = any character), the login has been done using a pseudo-TTY device. In plain language, that means it's been done over the network using ssh, rsh, telnet or something similar.

For a true modem login, the type should be something like "tty0p1" (or at least anything that starts with "tty").

Can you tell the model of the server? If it's something equipped with a GSP console, there are a couple of extra possibilities:

1.) the modem might be used for emergency remote console access. In that case, you won't be able to tell the modem logins and local console logins apart using "last" output, since both types will show as "console". To check that, go to the server's console and press Ctrl-B. You'll get to the GSP menu: you can check the GSP's settings and logs from there. Read the GSP's help texts (the help command is HE) for more info.

2.) the modem might be used by the GSP to call a paging service whenever there's a hardware failure in the server. This might be a useful thing, however the destination for the pages might need to be updated at the GSP settings.

3.) the modem port might be locked at the GSP level, in which case the modem logins are impossible.
MK
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.