[Sunhelp] logging logins on Solaris 7
Flynn, Harold M. III
Flynnh at mont.disa.mil
Tue Jan 11 17:31:10 CST 2000
This can be specified in /etc/security/audit_control (as per the man page).
This file allows you to specify alternate directories, as well as alternate
filesystems when the current logging filesystem fills up, or reaches a
certain percentage (also tweakable via the audit_control file).
Hal
Hal Flynn, ICS Inc. Senior Systems Analyst
Defense Information Systems Agency
flynnh at mont.disa.mil Commercial: 334-416-3233
DSN: 596-3233
> Great. Is there any decent way to do centralized logging so that the logs
> can all be analyzed on one host? There are two primary reasons for this:
>
> 1) less administrative stuff; I can generate reports for an entire subnet
> easily if I can get them all to log to one place
>
> 2) anybody who hacks into my system is going to edit /var/audit/*. If the
> logs are kept on a remote (hopefully, more secure) server, they'll have
> more trouble covering their tracks.
>
> thanks,
> Will
>
>
> --------------------------------------------------------------------------
> | harpo at udel.edu lowe at cis.udel.edu lowe at debian.org lowe at asel.udel.edu |
> | http://www.cis.udel.edu/~lowe/ |
> | PGP Public Key: http://www.cis.udel.edu/~lowe/index.html#pgpkey |
> --------------------------------------------------------------------------
>
More information about the SunHELP
mailing list