loginlog(4) [sunos man page]
loginlog(4) File Formats loginlog(4) NAME
loginlog - log of failed login attempts DESCRIPTION
After five unsuccessful login attempts, all the attempts are logged in the file /var/adm/loginlog. This file contains one record for each failed attempt. Each record contains the login name, tty specification, and time. This is an ASCII file. Each field within each entry is separated from the next by a colon. Each entry is separated from the next by a new- line. By default, loginlog does not exist, so no logging is done. To enable logging, the log file must be created with read and write permission for owner only. Owner must be root and group must be sys. FILES
/var/adm/loginlog SEE ALSO
login(1), passwd(1) SunOS 5.10 3 Jul 1990 loginlog(4)
Check Out this Related Man Page
FAILLOG(8) System Manager's Manual FAILLOG(8) NAME
faillog - examine faillog and set login failure limits SYNOPSIS
faillog [-u login-name] [-a] [-t days] [-m max] [-pr] DESCRIPTION
faillog formats the contents of the failure log, /var/log/faillog, and maintains failure counts and limits. The order of the arguments to faillog is significant. Each argument is processed immediately in the order given. The -p flag causes failure entries to be printed in UID order. Entering -u login-name flag will cause the failure record for login-name only to be printed. Entering -t days will cause only the failures more recent than days to be printed. The -t flag overrides the use of -u. The -a flag causes all users to be selected. When used with the -p flag, this option selects all users who have ever had a login failure. It is meaningless with the -r flag. The -r flag is used to reset the count of login failures. Write access to /var/log/faillog is required for this option. Entering -u login-name will cause only the failure count for login-name to be reset. The -m flag is used to set the maximum number of login failures before the account is disabled. Write access to /var/log/faillog is required for this option. Entering -m max will cause all accounts to be disabled after max failed logins occur. This may be modified with -u login-name to limit this function to login-name only. Selecting a max value of 0 has the effect of not placing a limit on the number of failed logins. The maximum failure count should always be 0 for root to prevent a denial of services attack against the system. Options may be combined in virtually any fashion. Each -p, -r, and -m option will cause immediate execution using any -u or -t modifier. CAVEATS
faillog only prints out users with no successful login since the last failure. To print out a user who has had a successful login since their last failure, you must explicitly request the user with the -u flag, or print out all users with the -a flag. Some systems may replace /var/log with /var/adm or /usr/adm. FILES
/var/log/faillog - failure logging file SEE ALSO
login(1), faillog(5) AUTHOR
Julianne Frances Haugh (jockgrrl@ix.netcom.com) FAILLOG(8)