Login auditing

From: Adametz, Bluejay (bluejay@fujigreenwood.com)
Date: Fri Aug 09 2002 - 08:38:59 EDT

• Next message: Andre.van.Benthem@achmea.nl: "SUMMARY: Very large resident memory size oracle-processes."
• Previous message: Schwarzkugler, Bernd: "Summary: trucluster trouble with niffd error message in clusterco nsole"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I've been fiddling with the auditing configuration on my servers, and what I
think I want to do is *not* audit successful logins and logouts, *except*
for specific users (e.g. root). I figured I could do this by configuring the
system-wide auditing to only audit login & logout failures, and enable login
and logout audits (success and failure) for the particular user(s).

It looks like I have things set up right, but I only get the logout audits.
For example, I have this account on a test machine (set up by dxaccounts):

backups:u_name=backups:u_id#200:u_pwd=xxxxxxxxxxxxx:u_auditmask=login\:1\:1,
logout\:1\:1:\
 
:u_succhg#1026910165:u_oldcrypt#0:u_suclog#1028890908:u_suctty=INET#hawk:\
        :u_unsuctty=INET#hawk:u_unsuclog#1028815916:u_lock@:u_unlock#1800:\
        :chkent:

But I get no login audit. Only the logout.

Ideas?

                                                - Bluejay Adametz

If a cluttered desk is the sign of a cluttered mind, what about an empty
desk?

• Next message: Andre.van.Benthem@achmea.nl: "SUMMARY: Very large resident memory size oracle-processes."
• Previous message: Schwarzkugler, Bernd: "Summary: trucluster trouble with niffd error message in clusterco nsole"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:48:49 EDT