The UNIX and Linux Forums  

#1  02-24-2006  janet
Reporting SU and Failedlogins

Hi:-
I am working on an audit report that produces a monthly summary of account activity on a particular AIX host. I am struggling with su activity and failed logins as these tend to come back with more than a month's data.

Is there an easy way that these files can be rotated/cleaned out on a monthly basis or a way to query /var/adm/sulog or /etc/security/failedlogins so that they only report on the last 30 days?

#2  02-24-2006  DogDay
There are a couple of ways to address this.

One is by truncating the wtmp/failedlogin files with fwtmp.

From the fwtmp man page:
Code:
  1. To convert a binary record in wtmp format to an ASCII record called
     dummy.file, enter:

     /usr/sbin/acct/fwtmp < /var/adm/wtmp > dummy.file

     The content of a binary wtmp file is redirected to a dummy ASCII file.

  2. To convert an ASCII dummy.file to a binary file in wtmp format called
     /var/adm/wtmp, enter the fwtmp command with the -ic switch:

     /usr/sbin/acct/fwtmp -ic < dummy.file > /var/adm/wtmp

     The dummy ASCII file is redirected to a binary wtmp file.

After step 1. you could remove X number of lines or manually edit it etc...

Or the easier way:

Code:
who /etc/security/failedlogin | grep $(date +"%b")

Which returns the current month's records. It's not the proper way to get that information, as the string for February may be found in the username or hostname etc... The proper way would be to use awk and compare $(date +"%b") with $3.

Or you could simply truncate the file on the first of every month with:

Code:
> /var/adm/wtmp
> /etc/security/failedlogin

Good luck.
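
The field comparison recommended in the answer above, written out as an added example that is not part of the original posts. The function names and sample records are constructed for illustration, and the sulog line layout (SU MM/DD HH:MM +|- tty from-to) is an assumption, since the thread does not show it.

```shell
#!/bin/sh
# Added example, not from the thread. Sample records below are constructed.

# Constructed `who FILE`-style output: name, line, month, day, time, (host).
sample_who() {
cat <<'EOF'
root     pts/0  Jan 30 09:12  (Feb-gw.example.com)
janet    pts/2  Feb 02 14:05  (host2.example.com)
janet    pts/2  Feb 10 08:00  (host2.example.com)
Febtest  pts/3  Jan 15 10:00  (host3.example.com)
oper     pts/1  Feb 11 23:50  (host2.example.com)
EOF
}

# Constructed sulog lines; assumed layout: SU MM/DD HH:MM +|- tty from-to.
sample_sulog() {
cat <<'EOF'
SU 01/30 09:15 + pts/0 janet-root
SU 02/03 11:02 - pts/2 oper-root
SU 02/10 08:05 + pts/2 janet-root
EOF
}

# Print records whose month FIELD ($3) equals the abbreviation in $1.
# Unlike grep, "Feb" inside a user name or host name does not match.
month_records() {
    awk -v mon="$1" '$3 == mon'
}

# Per-user record count for month $1, highest count first.
count_by_user() {
    awk -v mon="$1" '$3 == mon { n[$1]++ } END { for (u in n) print u, n[u] }' |
        sort -k2,2nr -k1,1
}

# Print sulog lines for two-digit month $1; pass "-" as $2 for failed su only.
sulog_month() {
    awk -v mm="$1" -v res="$2" \
        '$1 == "SU" && substr($2, 1, 2) == mm && (res == "" || $4 == res)'
}

# On the host (paths from the thread):
#   who /etc/security/failedlogin | count_by_user "$(date +%b)"
#   sulog_month "$(date +%m)" - < /var/adm/sulog
# Neither output carries a year, so a file spanning more than twelve
# months also matches the same month of earlier years.
```

Filtering at report time leaves the log files themselves untouched, so the full history stays available for later audit questions.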