Hi,
Sorry for the delay in posting this summary but things have been busy here.
Thanks to all who replied to my query.
The overwhelming opinion is to touch /var/adm/sialog. This will then log
every single user authentication on the system, successful or otherwise.
As we have a large number of logins per hour this has meant that the file
has got big quickly so is not an ideal solution for us. However, I will be
investigating auditing, but so far have not been able to log failed su
commands this way.
Thanks for all the help,
Vikki
Received on Tue Mar 06 2001 - 15:08:05 NZDT