Re: adminlog

From: Joe Kattner (
Date: 01/17/03

  • Next message: Grzegorz Czaplinski: "Re: adminlog"
    Date: Fri, 17 Jan 2003 16:02:24 -0500
    From: Joe Kattner <>
    To: "Ali Ernalbant" <>


    Did you add an appropriate entry to /etc/syslog.conf and restart the
    syslog service?

    auth.debug /var/adm/loglog

    Add it to the bottom of your /etc/syslog.conf, touch the
    file in /var/adm, restart syslogd.

    If you only want failed logins in this separate file, use auth.crit
    instead of auth.debug. Also keep in mind that * is not a wildcard for
    severity, it represents all facilities (except mark).

    You probably have a *.debug pointed to /var/adm/messages already which
    will catch everything, make sure not to alter that. You always want to
    log all system events especially access attempts..


    I created `/var/adm/loginlog` as root to capture failed logins with
    permission 600. (Solaris 9)
    I changed group owner to `sys`. However when I try to make failed login
    attempts, I can not get any log
    into `/var/adm/loginlog`.
    Can anyone help me about this?

    Thanks in advance,