i'm not a specalist in these security features of AIX. But as far as i know, you have to configure the audit subsystem and the syslog facility to get these information.
Here you can define which file in which way should be monitored:
Example: [/etc/security/audit/objects]
A successfull configuration will generate a entry in /var/adm/authlog like:
You also need to configure your syslog facility to get the required information.
Example: [/etc/syslog.conf]
Restart syslogd:
Finally the "last" command will give you some informationen about (previous) logins.
Like the topic says, does anyone know if it is possible to check to see when an FTP only user has logged in? Because the shell is /bin/false and they are only using FTP to access the system doing a "finger" or "last" it says they have never logged in.
Is there a way to see when ftp users log in... (1 Reply)
Hi,
I am little confused about the virtual Ethernet configuration on VIO and Client Partitions. There is alot of info on the internet but it gets more confusing....
If I have LHEA, it is very simple. Just assign LHEA (logical host ethernet adapter) to client partition -> run smitty tcpip and... (10 Replies)
Lucky me, someone has installed a server and got it running with the best intentions, but leaving me a headache. :wall:
We have a simple p520 with 4 disks. 2x145Gb & 2x300Gb. The smaller disk pair have been built into a VIO mirrored rootvg, and quite right too.
The other two disks form a... (3 Replies)
is there any way to create shared virtual disk between two LPARs like how you can do it using Storage through Fiber on two servers ?
Trying to stimulate HACMP between two LPARs (1 Reply)
Hello,
I am looking into virtualizing AIX 7.1 on our p7 machine that already has AIX 7.1 installed on it. I have a few questions about them:
1) In order to gain LPAR functionality, do I need to purchase PowerVM software?
2) I read that LPARs are managed from locally attached graphical... (1 Reply)
Hi Folks,
I am working on a task - Cloning the OS from fullSystem partition to 3 new LPAR's using alt_disk_install.
I just wanted to clarify my steps here.
1. alt_disk_install -CBO hdisk1 and rename it to alt1
2. alt_disk_install -CBO hdisk2 and rename it to alt2
3. alt_disk_install... (4 Replies)
Hello Everyone,
Can you please help me with the following questions regarding recycling LPARs.
1) Is it recommended to automate the reboot of AIX LPARs with a script ?
i mean we've few App LPARs and Database LPARs. we would like to bring down LPARs on last sunday of every month for about 1... (4 Replies)
Hi Guys,
Our lpars is currently running on 2 different vlans (20, 30). Now we have a requirement that vlan 30 needs to be change to vlan 31 at the same subnet. I'm not sure on what is the best approach for this or what change is involve on the AIX side.
This is our setup.
Network switch -... (5 Replies)
Discussion started by: kaelu26
5 Replies
LEARN ABOUT OSF1
syslog.conf
syslog.conf(4) Kernel Interfaces Manual syslog.conf(4)NAME
syslog.conf - syslogd configuration file
SYNOPSIS
facility.severity destination Where: Is part of the system generating the message, specified in /usr/include/sys/syslog_pri.h.
See also the syslogd(8) reference page. The severity level, which can be emerg, alert, crit, err, warning, notice, info, or debug. See
/usr/include/sys/syslog_pri.h.
The syslogd daemon logs all messages of the specified severity level plus all messages of greater severity. For example, if you
specify level err, all messages of levels err, crit, alert, and emerg or panic are logged. A local file pathname to a log file, a
host name for remote logging or a list of users. In the latter case the users will receive messages when they are logged in. An
asterisk (*) causes a message to be sent to all users who are currently logged in.
DESCRIPTION
The /etc/syslog.conf file is a system file that enables you to configure or filter events that are to be logged by syslogd. You can specify
more than one facility and its severity level by separating them with semicolons.
You can specify more than one facility logs to the same file by separating the facilities with commas, as shown in the EXAMPLES section.
The syslogd daemon ignores blank lines and lines that begin with an octothorpe (#). You can specify # as the first character in a line to
include comments in the file or to disable an entry. The facility and severity level are separated from the destination by one or more tab
characters.
If you want the syslogd daemon to use a configuration file other than the default, you must specify the file name with the following com-
mand: # syslogd -f config_file
Daily Log Files
You can specify in the /etc/syslog.conf file that the syslogd daemon create daily log files. To create daily log files, use the following
syntax to specify the path name of the message destination: /var/adm/syslog.dated/ { file} The file variable specifies the name of the log
file, for example, mail.log or kern.log. If you specify a /var/adm/syslog.dated/file path name destination, each day the syslogd daemon
creates a sub-directory under the /var/adm/syslog.dated directory and a log file in the sub-directory, using the following syntax:
/var/adm/syslog.dated/ date / file Where: The date variable specifies the day, month, and time that the log file was created. The file
variable specifies the name of the log file you previously specified in the /etc/syslog.conf file. The syslogd daemon automatically cre-
ates a new date directory every 24 hours and also when you boot the system. The current directory is a link to the latest date directory.
To get the latest logs, you only need to reference the /var/adm/syslog.dated/current directory.
EXAMPLES
The following is a sample /etc/syslog.conf file: # # syslogd config file # # facilities: kern user mail daemon auth syslog lpr binary #
priorities: emerg alert crit err warning notice info debug # kern.debug /var/adm/syslog.dated/kern.log user.debug /var/adm/sys-
log.dated/user.log daemon.debug /var/adm/syslog.dated/daemon.log auth.crit;syslog.debug /var/adm/syslog.dated/syslog.log mail,lpr.debug
/var/adm/syslog.dated/misc.log msgbuf.err /var/adm/crash.dated/msgbuf.savecore kern.debug /var/adm/messages kern.debug /dev/console *.emerg
*
FILES
/etc/syslog.conf
/etc/syslog.auth - Authorization file for remote logging.
/usr/include/sys/syslog_pri.h - Common components of a syslog event log record.
RELATED INFORMATION
Commands: /usr/sbin/syslogd(8), /usr/sbin/binlogd(8)
System Administration delim off
syslog.conf(4)