The UNIX and Linux Forums > Shell Programming and Scripting

#1, 02-24-2006, Registered User (Join Date: Feb 2006, Posts: 9)
Reporting SU and Failedlogins

Hi:-
I am working on an audit report that produces a monthly summary of account activity on a particular AIX host. I am struggling with su activity and failed logins, as these tend to come back with more than a month's data.

Is there an easy way that these files can be rotated/cleaned out on a monthly basis, or a way to query /var/adm/sulog or /etc/security/failedlogins so that they only report on the last 30 days?
#2, 02-24-2006, DogDay (Join Date: Jun 2005, Location: /dev/null, Posts: 83)
There are a couple of ways to address this.

One is by truncating the wtmp/failedlogin files with fwtmp.

From the fwtmp man page:
Code:
 1. To convert a binary record in wtmp format to an ASCII record called
     dummy.file, enter:

     /usr/sbin/acct/fwtmp < /var/adm/wtmp > dummy.file

     The content of a binary wtmp file is redirected to a dummy ASCII file.
  2. To convert an ASCII dummy.file to a binary file in wtmp format called
     /var/adm/wtmp, enter the fwtmp command with the -ic switch:

     /usr/sbin/acct/fwtmp -ic < dummy.file > /var/adm/wtmp

     The dummy ASCII file is redirected to a binary wtmp file.
After step 1 you could remove X number of lines or manually edit it, etc...

Or the easier way:

Code:
who /etc/security/failedlogin | grep $(date +"%b")
Which returns the current month's records. It's not the proper way to get that information, as the string for February may be found in the username or hostname, etc... The proper way would be to use awk and compare $(date +"%b") with $3.

Or you could simply truncate the file on the first of every month with:

Code:
> /var/adm/wtmp
> /etc/security/failedlogin

Good luck.
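The awk-based filter that the reply above recommends but does not spell out, written as an added example (it is not code from the original post). It filters who(1)-style failedlogin records on the month field ($3) and /var/adm/sulog lines on the MM/DD date field, and it also wraps the "truncate on the first of the month" step so the file is archived before it is emptied. Neither file records the year, so the example filters by month as the post suggests rather than by a rolling 30-day window. All sample records below are constructed; the sulog line layout (SU MM/DD hh:mm +|- tty from-to) and the who(1) column order are assumptions about AIX formats, and the function names are mine.

```shell
#!/bin/sh
# Added example, not from the original post. Filters failedlogin and sulog
# records to one month by field comparison in awk instead of grepping the
# whole line, and archives a log before truncating it.

# Constructed sample of `who /etc/security/failedlogin` output. The second
# line would be a false positive for a plain `grep Feb` because the
# hostname contains "Feb", although the record is from January.
FAILEDLOGIN_SAMPLE='root       pts/0       Jan 31 23:58    (10.0.0.5)
carol      pts/1       Jan 15 08:02    (pc-Feb.example.net)
alice      pts/2       Feb 03 09:12    (10.0.0.7)
bob        pts/0       Feb 24 10:13    (10.0.0.9)'

# Constructed sample of /var/adm/sulog. Assumed layout:
#   SU MM/DD hh:mm +|- tty from-to   (+ = success, - = failure)
SULOG_SAMPLE='SU 01/31 23:59 + pts/0 root-oracle
SU 02/03 09:15 - pts/2 alice-root
SU 02/24 10:20 + pts/0 bob-root'

# failedlogin_month MON: keep who-style lines (stdin) whose 3rd field is the
# month abbreviation MON (e.g. Feb), as the post recommends.
failedlogin_month() {
    awk -v mon="$1" '$3 == mon'
}

# sulog_month MM: keep sulog lines (stdin) whose MM/DD field starts with MM.
sulog_month() {
    awk -v mm="$1" '$1 == "SU" && substr($2, 1, 2) == mm'
}

# count_failed_month MON: number of failed logins in month MON (stdin).
count_failed_month() {
    failedlogin_month "$1" | wc -l | tr -d ' '
}

# count_su_month MM [+|-]: number of su attempts in month MM (stdin);
# an optional second argument restricts the count to successes or failures.
count_su_month() {
    sulog_month "$1" | awk -v st="$2" 'st == "" || $4 == st' | wc -l | tr -d ' '
}

# rotate_log FILE STAMP: copy FILE to FILE.STAMP (preserving mode and
# ownership) and only then truncate it in place, so the monthly
# truncation keeps an archive instead of discarding the audit trail.
# Truncating rather than removing keeps the inode the login programs
# already hold open.
rotate_log() {
    cp -p "$1" "$1.$2" && : > "$1"
}

# Real use on AIX, for the current month (not run here):
#   who /etc/security/failedlogin | failedlogin_month "$(date +%b)"
#   sulog_month "$(date +%m)" < /var/adm/sulog
#   rotate_log /var/adm/sulog "$(date +%Y%m)"
```

Run the counts against the samples to see the difference: `grep -c Feb` on the failedlogin sample reports three lines, while `count_failed_month Feb` reports the two genuine February records.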