Re: Auditing user logins and logouts

From: Green, Simon (Simon.Green_at_EU.ALTRIA.COM)
Date: 04/06/04

  • Next message: Willeat, Todd: "Re: Auditing user logins and logouts" 
    Date:         Tue, 6 Apr 2004 19:57:03 +0200
To: aix-l@Princeton.EDU

    Are you using the auditpr command to display the audit records?
    If so, you probably need to amend that. Perhaps the "-v" flag.

    That'll give you a second line of output, including the user
    attempting to log in.

    Thu Aug 09 14:38:28 2001 root root OK USER_Login tsm

            user: ukghar3 tty: /dev/pts/2 

    --
Simon Green
Altria ITSC Europe Ltd
AIX-L Archive at https://new-lists.princeton.edu/listserv/aix-l.html
New to AIX? http://publib-b.boulder.ibm.com/redbooks.nsf/portals/UNIX
N.B. Unsolicited email from vendors will not be appreciated.
Please post all follow-ups to the list.
> -----Original Message-----
> From: Willeat, Todd [mailto:TWilleat@MHP.SMHS.COM]
> Sent: 06 April 2004 18:16
> To: aix-l@Princeton.EDU
> Subject: Re: Auditing user logins and logouts
>
>
> Removing the objects files has taken care of the
> S_PASSWD_READ problem. I
> was trying to use stream mode because I don't need to store
> the info locally
> since it will be going to a syslog server. I do still have a
> problem though:
>
> When a user logs in, the auditing system shows root running
> the tsm command,
> and for logout (by typing exit), it also shows root because
> root runs the
> telnetd process. Do you know of a way to show the login name
> for the user
> logging in/out?
>
> For example, I logged in as myself (twilleat) here:
> USER_Login      root     OK          Tue Apr 06 12:13:51 2004 tsm
>
> USER_Exit       root     OK          Tue Apr 06 12:13:53 2004 telnetd
>
  • Next message: Willeat, Todd: "Re: Auditing user logins and logouts"