04-05-2011
On modern GNU/Linux distributions, su information is logged via the PAM stack (/etc/pam.d) module pam_unix.so to /var/log/secure.
6 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
Hello,
the sulog file on solaris does not record the user's attempts.
do i have to delete and create a new one or there is a better way?
in addition on the current sulog file is shown the month/day of the user's attempt but
i like to see the year also. there is a way to see the year or more... (2 Replies)
Discussion started by: grep
2 Replies
2. Solaris
Hi All,
I need to get last 7 days log entries from sulog. The same has to be done for the last command.
for ex: when i search for a user "abc" in sulog, i only want to check his entries for the last 1 week.
The same has to be done for last command.
Can anyone suggest some tips.
... (0 Replies)
Discussion started by: navdeepan
0 Replies
3. AIX
I just wrote a very small script that improves readability on system sulog. The problem with all sulog is there is lack of clarity whether the info you are looking at is the most current. So if you just need a simple soution instead of going thru the trouble of writing a script that rotate logs and... (0 Replies)
Discussion started by: sparcguy
0 Replies
4. Solaris
Hi,
more than one user login the our solaris 10 systems with same user account by using ssh connection. i wanna see ip or hostname information of them on sulog instead of it's terminal number. is this possible?
current sulog is like that
SU 02/06 08:59 + pts/1 operation-vuser
SU 02/07 14:27... (1 Reply)
Discussion started by: sdkbjk
1 Replies
5. Solaris
Hi,
I would like to know is there any way to capture the year in /var/adm/sulog file in solaris 10?
Please suggest (2 Replies)
Discussion started by: manoj.solaris
2 Replies
6. AIX
Hi,
I need to grant read permission to a normal user on sulog file on AIX 6.1.
As root I did acledit sulog and aclget shows "extended permissions" as "enabled" and normal user "splunk" has read permissions. When I try to access sulog as splunk user it won't allow and aclget for splunk user... (6 Replies)
Discussion started by: prvnrk
6 Replies
LEARN ABOUT LINUX
pam_lastlog
PAM_LASTLOG(8) Linux-PAM Manual PAM_LASTLOG(8)
NAME
pam_lastlog - PAM module to display date of last login
SYNOPSIS
pam_lastlog.so [debug] [silent] [never] [nodate] [nohost] [noterm] [nowtmp] [noupdate] [showfailed]
DESCRIPTION
pam_lastlog is a PAM module to display a line of information about the last login of the user. In addition, the module maintains the
/var/log/lastlog file.
Some applications may perform this function themselves. In such cases, this module is not necessary.
OPTIONS
debug
Print debug information.
silent
Don't inform the user about any previous login, just update the /var/log/lastlog file.
never
If the /var/log/lastlog file does not contain any old entries for the user, indicate that the user has never previously logged in with
a welcome message.
nodate
Don't display the date of the last login.
noterm
Don't display the terminal name on which the last login was attempted.
nohost
Don't indicate from which host the last login was attempted.
nowtmp
Don't update the wtmp entry.
noupdate
Don't update any file.
showfailed
Display number of failed login attempts and the date of the last failed attempt from btmp. The date is not displayed when nodate is
specified.
MODULE TYPES PROVIDED
Only the session module type is provided.
RETURN VALUES
PAM_SUCCESS
Everything was successful.
PAM_SERVICE_ERR
Internal service module error.
PAM_USER_UNKNOWN
User not known.
EXAMPLES
Add the following line to /etc/pam.d/login to display the last login time of an user:
session required pam_lastlog.so nowtmp
FILES
/var/log/lastlog
Lastlog logging file
SEE ALSO
pam.conf(5), pam.d(5), pam(7)
AUTHOR
pam_lastlog was written by Andrew G. Morgan <morgan@kernel.org>.
Linux-PAM Manual 06/04/2011 PAM_LASTLOG(8)