Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!cornell!uw-beaver!tektronix!gvgpsa!davew
From: davew@gvgpsa.GVG.TEK.COM (David C. White)
Newsgroups: comp.unix.ultrix
Subject: Re: questions about syslog in Ultrix 3.0
Message-ID: <1222@gvgpsa.GVG.TEK.COM>
Date: 25 Jul 89 05:34:12 GMT
References: <1338@crdgw1.crd.ge.com>
Reply-To: davew@gvgpsa.gvg.tek.com (David C. White)
Organization: Grass Valley Group, Grass Valley, CA
Lines: 19

In article <1338@crdgw1.crd.ge.com> barnett@crdgw1.crd.ge.com (Bruce Barnett) writes:
>How does Ultrix 3.0 log security errors, like bad "su" to root,
>attempts to log in that fail because of too many bad passwords, etc?

To check for bad "su" attempts, look in /var/adm/sulog.  A failed "su"
will look like this:

BADSU: davew /dev/ttyp4 Mon Jul 24 15:18:57 1989

(OK, so I can't type sometimes)

For failed login attempts, they should get logged in
/var/spool/mqueue/syslog.  You may have your logging level set wrong in
/etc/syslog.conf.  Check the man page on "syslog(8)" on how to set the
logging levels.
-- 
Dave White	Grass Valley Group, Inc.   VOICE: +1 916.478.3052
P.O. Box 1114  	Grass Valley, CA  95945    FAX: +1 916.478.3778
Internet: davew@gvgpsa.gvg.tek.com     UUCP:  ...!tektronix!gvgpsa!davew