Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!clyde.concordia.ca!uunet!cs.utexas.edu!rutgers!columbia!cunixc!cunixf!fuat
From: fuat@cunixf.cc.columbia.edu (Fuat C. Baran)
Newsgroups: comp.unix.questions
Subject: Re: UNIX logging question.
Keywords: failed login password
Message-ID: <1989Dec9.004940.29347@cunixf.cc.columbia.edu>
Date: 9 Dec 89 00:49:40 GMT
References: <3259@hub.UUCP> <300@rulcvx.uucp>
Reply-To: fuat@cunixf.cc.columbia.edu (Fuat C. Baran)
Organization: Columbia University Center for Computing Activities
Lines: 18

In article <300@rulcvx.uucp> crissl@rulcvx.UUCP (Stefan Linnemann) writes:
>On our system, a Convex C210, failed logins are logged in
>/usr/adm/badlogins.  Though Convex uses a BSD derived Unix, they have
>modified it, so I can't tell whether this is a common place or just
>Convex's.

On BSD 4.3 based systems (I believe), such as SunOS 4.x and UMAX 4.3,
failed logins, root logins, records of successful and failed su's are
logged using syslog(3).  Logging is done to the "auth" facility
(LOG_AUTH) and where the output goes can be configured via the
/etc/syslog.conf file.  We keep ours in /var/log/sulog (or
/var/adm/sulog).

					--Fuat
Internet: fuat@columbia.edu          U.S. MAIL: Columbia University
  BITNET: fuat@cunixc                           Center for Computing Activities
    UUCP: ...!rutgers!columbia!cunixc!fuat      712 Watson Labs, 612 W115th St.
   Phone: (212) 854-5128                        New York, NY 10025