HPE Community
Operating System - HP-UX
1833467 Members
2690 Online
110052 Solutions
New Discussion

syslog.conf file

 
SOLVED
Go to solution
Peter Gillis
Super Advisor

‎09-08-2004 05:19 PM

‎09-08-2004 05:19 PM

syslog.conf file

hi, ux11i
I am trying to work out the syslog.conf file. From what I understand, the following should mean a /var/adm/syslog/auth.log file is added to whenever an auth.notice type message is issued on the system:

auth.notice /var/adm/syslog/auth.log #

I have reread the conf file and issued an su command from root to another user. Would this not get logged in the /var/adm/syslog/auth.log file?

Thanks in advance for help..
Maria
0 Kudos
Reply
10 REPLIES 10
Olivier Decorse
Respected Contributor

‎09-08-2004 05:33 PM

‎09-08-2004 05:33 PM

Re: syslog.conf file

Hi,
first, i advise you to create the auth.log file, with "better rights" than syslog.log.
Next, try better a su FROM an user, TO root. su from root to an user is not really interresting for authentification.

Olivier.
They say "install windows 2k, xp or better", so i install unix !
0 Kudos
Reply
Michael Tully
Honored Contributor

‎09-08-2004 05:36 PM

‎09-08-2004 05:36 PM

Re: syslog.conf file

Maria,

Does the /var/adm/syslog/auth.log already exist? If not try to create it.

Did the attempt still get logged to /var/adm/syslog/syslog.log ?

Try su from an a normal user to root.

Regards
Michael
Anyone for a Mutiny ?
0 Kudos
Reply
Dave Olker
Neighborhood Moderator

‎09-08-2004 05:39 PM

‎09-08-2004 05:39 PM

Solution

Re: syslog.conf file

Hi Maria,

The level of logging all depends on how the daemon is coded to log the syslog events. If you're looking to capture su usage into a separate file from the syslog.log file, you could use:

auth.info /var/adm/syslog/auth.log

This line would instruct syslogd to log any "INFO" level messages from the authentication subsystem to the /var/adm/syslog/auth.log file. By default these messages also get logged to the /var/adm/syslog/syslog.log file, but if you want to capture specific types of messages for a given subsystem you can re-direct them in this manner.

Again, whether or not you capture the messages your interested in or not depends on how the daemon calls the syslog(3C) function and what level or type of message it logs. In the case of su, it uses INFO level syslog logging, so redirecting INFO level messages to a separate file would capture them.

Hope this helps,

Dave


I work at HPE
HPE Support Center offers support for your HPE services and products when and how you need it. Get started with HPE Support Center today.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
Reply
Muthukumar_5
Honored Contributor

‎09-08-2004 05:56 PM

‎09-08-2004 05:56 PM

Re: syslog.conf file

su log informations are stored as,

auth.info not as auth.notice

edit /etc/syslog.conf file as,
-----------

auth.info /var/adm/syslog/auth.log
*.info, ....

Note: No need to create the auth.log file.

Restart the syslogd as

kill the old syslogd ( ps -ef to get or syslog.pid )

/usr/sbin/syslogd -D

Try su log here and
If you see the /var/adm/syslog/auth.log file , it contains all entries.


Easy to suggest when don't know about the problem!
Reply
Peter Gillis
Super Advisor

‎09-08-2004 06:09 PM - last edited on ‎09-16-2024 02:11 AM by

‎09-08-2004 06:09 PM - last edited on ‎09-16-2024 02:11 AM by

Re: syslog.conf file

thanks all.
changing the notice to info appears to have done the trick. Olivier, what did you mean about better permissions than syslo.log??

Regards,
Maria
0 Kudos
Reply
Muthukumar_5
Honored Contributor

‎09-08-2004 06:25 PM

‎09-08-2004 06:25 PM

Re: syslog.conf file

Don't worry about permission of auth.log file. It will be with 444 and root / root user group.

Don't create the file, the file will be automatically created at /var/adm/syslog/ location.

syslog.log will be 644 and but auth.log will be 444
Easy to suggest when don't know about the problem!
Reply
Peter Gillis
Super Advisor

‎09-09-2004 11:09 AM

‎09-09-2004 11:09 AM

Re: syslog.conf file

Thanks Muthukumar, so what permissions should the other log files be...444 root:root ? I didnt manually create the files, as I noticed that they automatically created when restarted syslogd pid.
Regards,
Maria
0 Kudos
Reply
Dave Olker
Neighborhood Moderator

‎09-09-2004 11:40 AM

‎09-09-2004 11:40 AM

Re: syslog.conf file

Hi Maria,

What other log files are you referring to? Can you do an ll of /var/adm/syslog and tell us which log files you're concerned about? Also include a copy of your /etc/syslog.conf file so that we can see which log files are automatically built by syslogd.

Thanks,

Dave


I work at HPE
HPE Support Center offers support for your HPE services and products when and how you need it. Get started with HPE Support Center today.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
0 Kudos
Reply
Peter Gillis
Super Advisor

‎09-09-2004 12:05 PM

‎09-09-2004 12:05 PM

Re: syslog.conf file

HI Dave,

auth.log
lpd-errs
mail.log
mesgs.log
syslog.log
xferlog

are the other log files I have in there.
Thanks, Maria
0 Kudos
Reply
Sundar_7
Honored Contributor

‎09-09-2004 12:15 PM

‎09-09-2004 12:15 PM

Re: syslog.conf file

Maria,

Dont worry about the individual file permissions as long as the parent directory is protected.

ls -ld /var/adm/syslog

As long as the permissions of /var/adm/syslog is 750 (with root:adm as the ownership), you can even have 777 for syslog.log and other log files.

-- Sundar.
Learn What to do ,How to do and more importantly When to do ?
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.