#1
Reporting SU and Failedlogins
Hi:-
I am working on an audit report that produces a monthly summary of account activity on a particular AIX host. I am struggling with su activity and failed logins as these tend to come back with more than a month's data. Is there an easy way that these files can be rotated/cleaned out on a monthly basis or a way to query /var/adm/sulog or /etc/security/failedlogins so that they only report on the last 30 days?
#2
There are a couple of ways to address this.
One is by truncating the wtmp/failedlogin files with fwtmp. From the fwtmp man page:
Code:
    1. To convert a binary record in wtmp format to an ASCII record called
       dummy.file, enter:
           /usr/sbin/acct/fwtmp < /var/adm/wtmp > dummy.file
       The content of a binary wtmp file is redirected to a dummy ASCII file.
    2. To convert an ASCII dummy.file to a binary file in wtmp format called
       /var/adm/wtmp, enter the fwtmp command with the -ic switch:
           /usr/sbin/acct/fwtmp -ic < dummy.file > /var/adm/wtmp
       The dummy ASCII file is redirected to a binary wtmp file.
Or the easier way:
Code:
    who /etc/security/failedlogin | grep "$(date +"%b")"
Or you could simply truncate the file on the first of every month with:
Code:
    > /var/adm/wtmp
    > /etc/security/failedlogin
Good luck.
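For the sulog half of the question, one way to report only recent entries without truncating the audit trail (an added example, not part of the original thread). It assumes the usual sulog record layout `SU MM/DD HH:MM +|- tty from-to`, which carries no year; the function names and the sample records are constructed for illustration.

```shell
# Added example: keep only sulog records from the last N days.
# Assumed record layout (no year field): SU MM/DD HH:MM +|- tty from-to
# Usage: sulog_recent DAYS [YYYY-MM-DD] < /var/adm/sulog
#        (the optional second argument overrides "today", for re-running a report)
sulog_recent() {
    awk -v days="$1" -v today="${2:-$(date +%Y-%m-%d)}" '
    # Day number of a Gregorian date, integer arithmetic only, so it
    # also works in awk implementations that have no mktime().
    function daynum(y, m, d,    a, yy, mm, n) {
        a  = int((14 - m) / 12)
        yy = y + 4800 - a
        mm = m + 12 * a - 3
        n  = d + int((153 * mm + 2) / 5) + 365 * yy
        return n + int(yy / 4) - int(yy / 100) + int(yy / 400) - 32045
    }
    BEGIN {
        split(today, t, "-")
        now = daynum(t[1], t[2], t[3])
    }
    $1 == "SU" && $2 ~ /^[0-9][0-9]\/[0-9][0-9]$/ {
        split($2, md, "/")
        y = t[1] + 0
        # No year in the record: a date later than today must be last year.
        if (daynum(y, md[1], md[2]) > now) y--
        if (now - daynum(y, md[1], md[2]) < days) print
    }'
}

# Constructed sample records (not taken from a real host).
sulog_sample() {
    cat <<'EOF'
SU 12/10 09:00 + pts/1 alice-root
SU 12/20 23:15 - pts/2 bob-root
SU 01/05 08:30 + pts/0 carol-root
SU 01/15 07:00 - pts/3 dave-root
SU 02/01 10:00 + pts/4 erin-root
EOF
}

# With "today" pinned to 2024-01-15 this prints the bob, carol and dave records.
sulog_sample | sulog_recent 30 2024-01-15
```

Because the year is inferred, records more than a year old are indistinguishable from recent ones, so a file that is never rotated will still need archiving eventually.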