HPE Community
Operating System - HP-UX
1837386 Members
3049 Online
110116 Solutions
New Discussion

sulog

 
SOLVED
Go to solution
Al Brown_1
New Member

‎12-29-2005 06:42 AM

‎12-29-2005 06:42 AM

sulog

SU 06/24 23:58 + 0 root-prdadm

In the above entry what does the 0 indicate?
0 Kudos
Reply
4 REPLIES 4
Steven E. Protter
Exalted Contributor

‎12-29-2005 06:47 AM

‎12-29-2005 06:47 AM

Re: sulog

Shalom Al,

means user prdam di an su to root, which is user id zero.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Paul Sperry
Honored Contributor

‎12-29-2005 06:50 AM

‎12-29-2005 06:50 AM

Re: sulog

the sulog format, it's date and time and tty and then the starting user id and the id they su-ed to.
0 Kudos
Reply
James R. Ferguson
Acclaimed Contributor

‎12-29-2005 06:50 AM

‎12-29-2005 06:50 AM

Solution

Re: sulog

Hi:

Normally you see the device ID from which the user performed the switch in place of the "0". My guess, therefore, is that that information wasn't available for logging.

If you have logging in '/var/adm/wtmp' enabled, you might see if you could match (in the timeframe of the 'su') a login session for 'root' on 06/24 that spans 23:58 hours.

Regards!

...JRF...
Reply
Al Brown_1
New Member

‎12-29-2005 07:29 AM

‎12-29-2005 07:29 AM

Re: sulog

Thanks James:

That is along the lines of what I thought. I suspect you are correct, we are using ssh between some systems here, which would support your guess.

Thanks also to the other gentlemen who responded, unfourtunately I really was only questioning the "0"! I understand the rest.

Al
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.