SEO
vBulletin Search Engine Optimization
| |||||||
| Register | FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
01-16-2008, 05:21 PM
| ||||
| ||||
 Audit Logs In HPUX 10.2 where do failed/successful login attempts get recorded? I have enabled auditing and setup audited events for success and failure for login/admin/moddac. However, the audisp command doesn't seem to be recording the login attempts.. when I intentionally fail a login or sucessfully login, it only shows failed SU attempts. -Celtic      |
|
01-16-2008, 05:21 PM
| |||
| |||
| Re: Audit Logs Celtic (celtic@cyberintel.com) wrote: : In HPUX 10.2 where do failed/successful login attempts get recorded? I : have enabled auditing and setup audited events for success and failure for : login/admin/moddac. However, the audisp command doesn't seem to be : recording the login attempts.. when I intentionally fail a login or : sucessfully login, it only shows failed SU attempts. /var/adm/btmp and /var/adm/wtmp ? Try man last. -- Jim Hollenback jholly@cup.hp.com my opinion. |
|
01-16-2008, 05:21 PM
| |||
| |||
| Re: Audit Logs Yes, the two files exist. They are however very cryptic and the "man last" command doesn't give much information on making them less cryptic (yes, I know how to use "last -a" to see all users listed). What I am trying to do here is make the audit log monitoring managable for a non-unix person. Am I going to need to script the whole process and generate a "pretty" version of the many HPUX logfiles that is a single consolidated file? I was hoping HP had something that would make the process easier!  -Celtic On Wed, 05 Nov 2003 22:18:30 -0700, Jim Hollenback wrote: > Celtic (celtic@cyberintel.com) wrote: > : In HPUX 10.2 where do failed/successful login attempts get recorded? I > : have enabled auditing and setup audited events for success and failure for > : login/admin/moddac. However, the audisp command doesn't seem to be > : recording the login attempts.. when I intentionally fail a login or > : sucessfully login, it only shows failed SU attempts. > > /var/adm/btmp and /var/adm/wtmp ? Try man last. > > -- > Jim Hollenback > jholly@cup.hp.com > my opinion. |
|
01-16-2008, 05:22 PM
| ||||
| ||||
| Re: Audit Logs Celtic (celtic@cyberintel.com) wrote: : They are however very cryptic and the "man last" command doesn't give much : information on making them less cryptic I think the command you need is fwtmp(1M), found by following SEE ALSO, recursively. ;-) |
Linear Mode
