I've been fiddling with the auditing configuration on my servers, and what I
think I want to do is *not* audit successful logins and logouts, *except*
for specific users (e.g. root). I figured I could do this by configuring the
system-wide auditing to only audit login & logout failures, and enable login
and logout audits (success and failure) for the particular user(s).
It looks like I have things set up right, but I only get the logout audits.
For example, I have this account on a test machine (set up by dxaccounts):
backups:u_name=backups:u_id#200:u_pwd=xxxxxxxxxxxxx:u_auditmask=login\:1\:1,
logout\:1\:1:\
:u_succhg#1026910165:u_oldcrypt#0:u_suclog#1028890908:u_suctty=INET#hawk:\
:u_unsuctty=INET#hawk:u_unsuclog#1028815916:u_lock_at_:u_unlock#1800:\
:chkent:
But I get no login audit. Only the logout.
Ideas?
- Bluejay Adametz
If a cluttered desk is the sign of a cluttered mind, what about an empty
desk?
Received on Fri Aug 09 2002 - 12:39:45 NZST