Dear managers,
1 week ago I installed the audit logging system on Digital Unix 4.0F and I
still have some questions.
Take a look at this logged event:
ruid/euid: 0/0
pid: 205 ppid: 1
event: auth_event
login name: ****
home dir: ****
shell: /bin/bash
char param: argv=rpc.pcnfsd
char param: Failed authentication
error: 13
ip address: ****
timestamp: Fri May 4 09:49:41.73 2001 MET DST
This event does not have any remote/secondary identification data (I get
this info for telnet/ftp/ssh logins). This information is seriously need.. how
can it be achived?
And can you explain me the meaning of the following event:
audit_id: 1272 ruid/euid: 0/0
pid: 20418 ppid: 601
event: auth_event
login name: ****
home dir: ****
shell: /bin/bash
...........
-- remote/secondary identification data --
hostname: ****
...........
char param: argv=ipop3d
char param: Failed authentication
error: 13
ip address: ****
timestamp: Fri May 4 07:58:07.27 2001 MET DST
Thanks in advance.
--
GMX - Die Kommunikationsplattform im Internet.
http://www.gmx.net
Received on Fri May 04 2001 - 13:44:21 NZST