UNIX logging question.
Guy Harris
guy at auspex.UUCP
Sat Dec 16 09:40:38 AEST 1989
>On BSD 4.3 based systems (I believe), such as SunOS 4.x and UMAX 4.3,
>failed logins, root logins, records of successful and failed su's are
>logged using syslog(3).

More precisely, the 4.3BSD "login" logs, through "syslog":

	EVENT					SEVERITY

	failed attempts to log in as
	"root" on a terminal not
	marked "secure"				"crit"

	*repeated* login failures on
	the same "session" with
	"login", regardless of account,
	where "repeated" means "5 or more
	in a row" (after which, it hangs
	the phone up)				"crit" in 4.3BSD
						"err" in 4.3-tahoe

	successful logins on "dialup"
	lines (i.e., ones where the tty's
	file name ends with "d" and one
	character after the "d")		"info"

	successful root logins			"notice"

and the 4.3BSD "su" logs:

	EVENT					SEVERITY

	failed "su"s to "root"			"crit"

	successful "su"s to "root"		"notice"

Successful "su"s to accounts other than "root", and individual failed
logins to any account, aren't logged at all. (Presumably the intent for
the latter is to keep it from logging a message every time you transpose
two characters in your password or something like that.) "Failed"
logins are those where the account was valid, but either 1) the password
wasn't the right one or 2) the account was "root", the password was
valid, but the terminal wasn't marked "secure".
Vendors may change these.
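
The rules in the post above, modelled as an added example (not part of the original message and not 4.3BSD source) to show which session outcomes reach syslog and which leave no record. The function names and event labels are invented for the illustration, every account is assumed valid, and any "root" attempt on a non-secure terminal is treated as a logged failure, following the post's definition of "failed".

```python
import re

# Per the post: a "dialup" tty's file name ends with "d" plus one character.
DIALUP_TTY = re.compile(r"d.$")

def login_session_log(attempts, tty, secure, tahoe=False):
    """Return the (severity, event) pairs one "login" session sends to syslog.

    attempts: ordered list of (account, password_ok) tuples. The session ends
    at the first successful login or after 5 failures in a row.
    Event labels are hypothetical, not the real message text.
    """
    logged = []
    failures = 0
    for account, password_ok in attempts:
        if account == "root" and not secure:
            # Fails even with the right password, and is logged every time.
            logged.append(("crit", "root refused on non-secure tty"))
            failures += 1
        elif not password_ok:
            failures += 1  # an individual failure leaves no record
        else:
            if account == "root":
                logged.append(("notice", "root login"))
            if DIALUP_TTY.search(tty):
                logged.append(("info", "dialup login"))
            return logged
        if failures >= 5:
            # Severity differs between 4.3BSD and 4.3-tahoe.
            logged.append(("err" if tahoe else "crit", "repeated failures"))
            return logged
    return logged

def su_log(target, ok):
    """Severity for an "su" attempt, or None when nothing is logged."""
    if target != "root":
        return None
    return "notice" if ok else "crit"

if __name__ == "__main__":
    # Constructed session: four bad passwords, then success on a hardwired tty.
    four_then_ok = [("alice", False)] * 4 + [("alice", True)]
    print(login_session_log(four_then_ok, "ttyh0", secure=False))
    print(login_session_log([("alice", False)] * 5, "ttyd0", secure=False))
    print(su_log("operator", True), su_log("root", False))
```

The first constructed session prints an empty list: four failures followed by a success on a non-dialup line produce no syslog entry at all, which is the gap to keep in mind when relying on these logs for review.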