
No Login info in the syslog

 
MRSG
Frequent Advisor

No Login info in the syslog

Hi
I noticed that a couple of my servers do not log LOGIN info (even root logins) into the syslog. I have compared /etc/inetd.conf and /etc/syslog.conf with other servers and they are the same. What else do I need to check to make this work?
Thanks in advance.
Harry
Alan Casey
Trusted Contributor

Re: No Login info in the syslog

Logins are logged in /var/adm/btmp if it exists.

The commands "last" and "lastb" will display logins, and failed logins.


Alan
Christian Gebhardt
Honored Contributor

Re: No Login info in the syslog

Silly question:
Is "syslogd" running?

Christian
MRSG
Frequent Advisor

Re: No Login info in the syslog

Hi Christian,
Syslogd is running on these servers.
root 1893 1 0 Sep 7 ? 0:19 /usr/sbin/syslogd -D
But when you log in on the box, does it mean that it keeps track only if you "su" to any other user, like "su - oracle"?
Thanks,
Harry.
U.SivaKumar_2
Honored Contributor

Re: No Login info in the syslog

Hi,

HP-UX will not log login attempts in /var/log/syslog/syslog.log like Linux.

regards,
U.SivaKumar
Innovations are made when conventions are broken
James R. Ferguson
Acclaimed Contributor
Solution

Re: No Login info in the syslog

Hi Harry:

If you wish to track successful logins, '/var/adm/wtmp' must be present. If not, touch it or redirect /dev/null to it and make its permissions 644.

If you wish to log unsuccessful logins, '/var/adm/btmp' must be present. Create it the same way you do 'wtmp' but leave its permissions 600. You do not want non-root users reading the mistyped information therein.

Both of these files grow without bounds so redirect /dev/null to them to trim them. If you wish to keep part of their contents, use 'fwtmp' to manipulate them (see its man pages).

Use 'last' to view 'wtmp'. Use 'lastb' to view 'btmp'.

Should you ever wish to stop logging into these files, simply remove one or both according to your needs.

Regards!

...JRF...
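
The steps from the accepted answer as a POSIX shell script, added here as an example and not part of the original thread. The function names, the ADM_DIR override and the --apply switch are assumptions of this example; the paths and modes are the ones given in the answer.

```shell
#!/bin/sh
# Added example: create, audit and trim the login accounting files.
# ADM_DIR is an assumption of this example so it can be tried on a scratch directory.
ADM_DIR="${ADM_DIR:-/var/adm}"

# file_mode PATH: print the permission bits as three octal digits (e.g. 644),
# parsed from "ls -ld" so no stat(1) command is required.
file_mode() {
    ls -ld "$1" | awk '{
        out = ""
        for (g = 0; g < 3; g++) {
            d = 0
            for (b = 0; b < 3; b++) {
                c = substr($1, 2 + g * 3 + b, 1)
                if (c != "-" && c != "S" && c != "T")
                    d += (b == 0 ? 4 : (b == 1 ? 2 : 1))
            }
            out = out d
        }
        print out
    }'
}

# ensure_login_log NAME MODE: create the file only if it is absent (existing
# records are never truncated here) and correct its permissions if they drifted.
ensure_login_log() {
    f="$ADM_DIR/$1"
    if [ ! -f "$f" ]; then
        : > "$f" || return 1
        echo "created $f"
    fi
    if [ "$(file_mode "$f")" != "$2" ]; then
        chmod "$2" "$f" || return 1
        echo "set $f to mode $2"
    fi
}

# wtmp (successful logins, read with last) is 644; btmp (failed logins, read
# with lastb) is 600 because mistyped input may contain passwords.
fix_login_logs() {
    ensure_login_log wtmp 644 && ensure_login_log btmp 600
}

# trim_login_log NAME: empty the file in place by redirecting /dev/null to it;
# the file itself, its owner and its mode are kept, so logging continues.
trim_login_log() {
    cat /dev/null > "$ADM_DIR/$1"
}

# Hypothetical switch: functions are only defined unless --apply is given.
if [ "${1:-}" = "--apply" ]; then fix_login_logs; fi
```

Run it as root with --apply; to try it without touching /var/adm, set ADM_DIR to a scratch directory first.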