01-03-2003
3,093,
36
Join Date: Apr 2002
Last Activity: 28 March 2019, 4:00 PM EDT
Location: On my motorcycle
Posts: 3,093
Thanks Given: 2
Thanked 36 Times in 11 Posts
If you are not seeing the pass/fail attempts in the /var/adm/sulog, then check /etc/default/su for the location of the file (you would change it in this file). If it is set to /dev/null, then you are not getting any recording (not the way to go) OR if at the bottom of the file SYSLOG does not equal YES, then no record of su attempts.
Read the man page on sulog and su for further info (You won't get the year - I think it's because they expect folks to be looking at this file and watching security more than once a year or two).