12-06-2007
384,
2
Join Date: Oct 2007
Last Activity: 17 December 2017, 7:57 PM EST
Location: Toronto, Ontario
Posts: 384
Thanks Given: 0
Thanked 2 Times in 2 Posts
audit with streammode and userlogin events
Hi,
The audit default config has no "authentication" so I added it:
General=USER_Login,USER_Logout,USER_SU,.............
I reset the audit with "audit shutdown". There's no event recorded with it only all other events are recorder.
I check the events for USER_Login/USER_Logout:
.
.
.
TCP_kreceive = printf "fd%d %s"
* commands
* tsm
USER_Login = printf "user: %s tty: %s"
PORT_Locked = printf "Port %s locked due to invalid login attempts"
TERM_Logout = printf "%s"
.
.
.
* logout
USER_Logout = printf "%s"
.
.
.
What do I need to reconfigure so that I could audit logon/logoff on my AIX.
Thanks