Re: What is signif. of console msg "AUDIT: Sun Jan 6 00:53:35 2002: 434 X: client ..."

From: Casper Dik (Casper.Dik@Sun.COM)
Date: 01/08/02


To: Andy Gabor <ajgabor@ucdavis.edu>
Date: Tue, 08 Jan 2002 11:34:20 +0100
From: Casper Dik <Casper.Dik@Sun.COM>


>From time to time I get a msg on /dev/console similar to the
>following:
>
>AUDIT: Sun Jan 6 00:53:35 2002: 434 X: client 19 rejected from IP xxx.xxx.xxx.xxx port 1025

It's a X server audit message; by default, the X server logs all refused
connections, though typically they end up in /var/dt/Xerrrors (when
running dtlogin.)

>I have no clear understanding of what this means, what generates this
>message and how/what needs to be set to control when and what messages
>are displayed under what circumstances (i.e I dont know nuttin').

The Sun X (Xsun) server has a "-audit level" switch, see
Xserver(1):

     -audit level
             Sets the audit trail level. The default level is 1,
             meaning only connection rejections are reported.
             Level 2 additionally reports all successful connec-
             tions and disconnects. Level 4 enables messages
             from the SECURITY extension, if present, including
             generation and revocation of authorizations and vio-
             lations of the security policy. Level 0 turns off
             the audit trail. Audit lines are sent as standard
             error output.

Casper