/etc/security/authlog with the following contents:
#!/usr/bin/ksh
# /etc/security/authlog: syslog all successful logins
/usr/bin/logger -t tsm -p auth.info "$@ logged in from $(/usr/bin/tty) (${DISPLAY})"
and allow root only:
chmod 700 /etc/security/authlog
/etc/security/login.cfg (AIX <= 5.1) or /usr/lib/security/methods.cfg (AIX >= 5.2):
AUTHLOG:
        program = /etc/security/authlog
/etc/security/user:
auth2 = AUTHLOG
/etc/dt/config/Xsession.d/dtlog should contain:
#!/usr/bin/ksh
# /etc/dt/config/Xsession.d/dtlog: log dtlogins
/usr/bin/logger -t dtlogin -p auth.info "${LOGNAME} logged in from (${DISPLAY})"
/etc/syslog.conf:
*.debug /var/adm/syslog.debug
*.info /var/adm/syslog
mail.debug /var/spool/mqueue/log
auth.debug /var/adm/syslog.auth # for the logging machine
auth.debug @biolog # for all others, except logging machine!
IMPORTANT: do not use @biolog on the logging machine itself, it will generate an infinite loop of syslogs!
The actual value of biolog is determined via DNS name resolution.
touch /var/spool/mqueue/syslog
touch /var/adm/syslog.auth
touch /var/adm/syslog.debug
touch /var/adm/syslog
# update the syslog daemon with the new settings:
refresh -s syslogd
/opt/bin/logrotate.sh is a custom shell script to rename previous versions
of the above logfiles by appending a version number running from 0 through 5
(/local/bin/newsyslog is the obsolete version for a hardcoded collection of log files).
crontab -e
# 0 3 * * * /local/bin/newsyslog >/dev/null
1 3 * * * /opt/bin/logrotate.sh /var/adm/syslog.debug >/dev/null
2 3 * * * /opt/bin/logrotate.sh /var/adm/syslog >/dev/null
3 3 * * * /opt/bin/logrotate.sh /var/adm/syslog.auth >/dev/null
4 3 * * * /opt/bin/logrotate.sh /var/spool/mqueue/syslog >/dev/null
to schedule this at 3 AM plus a few minutes.
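The contents of /opt/bin/logrotate.sh are not shown on this page. The script below is an added example of a rotation with the 0 through 5 numbering described above, not the original script; the function name rotate_log, the owner-only mode of the recreated file and the refusal to follow symlinks are assumptions of this example.

```shell
#!/bin/sh
# Hypothetical stand-in for /opt/bin/logrotate.sh (example code, not the page's script).
# Usage, as in the crontab entries: logrotate.sh /var/adm/syslog.auth

MAXVER=5   # versions run from .0 (newest) through .5 (oldest)

rotate_log() {
    log=$1
    # cron runs this as root: refuse symlinks and anything that is not a regular file
    if [ -L "$log" ] || [ ! -f "$log" ]; then
        echo "rotate_log: $log is not a regular file" >&2
        return 1
    fi
    # an empty log is left alone, so old versions do not age out for nothing
    [ -s "$log" ] || return 0

    # shift older versions up: .4 -> .5, ..., .0 -> .1 (the old .5 is overwritten)
    n=$MAXVER
    while [ "$n" -gt 0 ]; do
        prev=$((n - 1))
        if [ -f "$log.$prev" ]; then
            mv -f "$log.$prev" "$log.$n" || return 1
        fi
        n=$prev
    done

    # rename the live file; syslogd keeps writing to it until it is refreshed
    mv -f "$log" "$log.0" || return 1
    # syslogd only writes to files that already exist, so recreate the log
    # (owner-only here, an assumption; widen it if other users must read it)
    ( umask 077; : > "$log" )
}

if [ "$#" -ge 1 ]; then
    # AIX: make syslogd reopen its files, as after the touch commands above
    rotate_log "$1" && refresh -s syslogd
fi
```
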