This content has been marked as final. Show 12 replies
The last command is simply processing the info from the /var/adm/wmtpx file.
So if you can read that file yourself directly if you want.
Try man wtmpx
Sure but wtmpx is a binary data file and i should use a crontab acctcon script to read it and it's not properly a real time login/logout tracking as i need.
You can use fwtmp to read the wtmpx file, for example:
/usr/lib/acct/fwtmp < /var/adm/wtmpx
.. To use auditing, see the man page for 'bsm'..
I'm not sure what you mean by "real time tracking".
You can write a daemon that examines the file as often as required and does something when it changes.
But I presume you want to save yourself the hassle of writing a daemon yourself.
I mean that everytime a user login or logout an entry is writed in syslog.
As you said i was looking for something already done by someone.
At the moment i'm wrinting my own daemon to do it........... very hassle :)
It also depends on which login method you are talking about, ssh for example can log to syslog, not sure if you can do that for console logins...
This is a security issue, i need to monitor every kind of access on my systems
Then i would recommend audit/bsm.
Audit, as you know, collect data in binary format and you need other commands such as auditreduce and praudit to read his output.
As I specified in my first post i need something that automatically records user login and user logout in a log file in text format, nothing else.
Oops, pardon my ignorance.
In that case, my last suggestion would be using loginlog (see man loginlog) in combination with setting SYSLOG_FAILED_LOGINS=0 in /etc/default/login.. if that feature exists in Solaris 9.
Login/Logout events tracking is quite different from "unsuccessful login attempts" tracking.
for successful logins:
#chmod 600 logins
#log successful logins
for failed: use loginlog as somebody said in previous posts....
for CDE logins,
i think there is a file called pam.conf on solaris 9