Path: utzoo!attcan!uunet!bu.edu!att!linac!pacific.mps.ohio-state.edu!zaphod.mps.ohio-state.edu!samsung!cs.utexas.edu!yale!eagle.wesleyan.edu!gravishanker
From: gravishanker@eagle.wesleyan.edu
Newsgroups: comp.unix.aix
Subject: <None>
Message-ID: <1990Nov12.093602.35688@eagle.wesleyan.edu>
Date: 12 Nov 90 14:36:01 GMT
Organization: Wesleyan University Computing Center
Lines: 26

Hi

I noticed the existence of a file /etc/security/failedlogin in my RS/6000. It
is a file containing failed login information and the accounting records on it
are written in utmp format. It apparently contains the information on failed
login - either username failures or password failures. When I did an:

	ac -p -w /etc/security/failedlogin

I got the following:

    	sshan     0.00
        UNKNOWN_1320.04
        root      0.00
        total  1320.05

Is this correct? Obviously, the UNKNOWN_ seems to have wrong format. It is hard
to believe the time taken up. The reason I say that is, I more'd the file,
knowing it is garbage, and there are about 10 or 15 entries for UNKNOWN_USER. I
can't see why that would add up to 1320 seconds(I hope these are not min.). My
feeling is that the 8 character username is causing the problem, thus the USER
is the UNKNOWN_USER getting read as some kind of time! If someone feels that is
not the case and that these times are correct, then I have my hands full and
need to look up what's going on. Any help is appreciated.

Ravi