/etc/security/authlog
with the following contents:
#!/usr/bin/ksh
# /etc/security/authlog: syslog all successful logins
/usr/bin/logger -t tsm -p auth.info "$@ logged in from $(/usr/bin/tty) (${DISPLAY})"
and allow root only:
chmod 700 /etc/security/authlog
/etc/security/login.cfg (AIX <= 5.1)
/usr/lib/security/methods.cfg (AIX >= 5.2)
AUTHLOG:
        program = /etc/security/authlog
/etc/security/user
auth2 = AUTHLOG
/etc/dt/config/Xsession.d/dtlog
should contain:
#!/usr/bin/ksh
# /etc/dt/config/Xsession.d/dtlog: log dtlogins
/usr/bin/logger -t dtlogin -p auth.info "${LOGNAME} logged in from (${DISPLAY})"
/etc/syslog.conf
*.debug         /var/adm/syslog.debug
*.info          /var/adm/syslog
mail.debug      /var/spool/mqueue/syslog
# for the logging machine
auth.debug      /var/adm/syslog.auth
# for all others, except logging machine!
auth.debug      @biolog
IMPORTANT: do not use @biolog on the logging machine itself; it will generate an infinite loop of syslog messages!
The actual value of biolog is determined via DNS name resolution.
touch /var/spool/mqueue/syslog
touch /var/adm/syslog.auth
touch /var/adm/syslog.debug
touch /var/adm/syslog
# update the syslog daemon with the new settings:
refresh -s syslogd
/opt/bin/logrotate.sh is a custom shell script that renames previous versions
of the above logfiles by appending a version number running from 0 through 5
(/local/bin/newsyslog is the obsolete version for a hardcoded collection of log files).
crontab -e
# 0 3 * * * /local/bin/newsyslog >/dev/null
1 3 * * * /opt/bin/logrotate.sh /var/adm/syslog.debug >/dev/null
2 3 * * * /opt/bin/logrotate.sh /var/adm/syslog >/dev/null
3 3 * * * /opt/bin/logrotate.sh /var/adm/syslog.auth >/dev/null
4 3 * * * /opt/bin/logrotate.sh /var/spool/mqueue/syslog >/dev/null
to schedule this at 3 AM plus a few minutes.
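An added example, not the site's own script: one way a rotation script like /opt/bin/logrotate.sh could implement the 0 through 5 renaming described above. The function name rotate_log, the MAX_GEN variable and the mode 600 used when recreating the log are assumptions.

```sh
#!/bin/sh
# Added example: hypothetical stand-in for /opt/bin/logrotate.sh,
# not the original script.
MAX_GEN=5    # highest suffix kept: <log>.0 (newest) ... <log>.5 (oldest)

rotate_log() {
    log=$1
    if [ ! -f "$log" ]; then
        echo "rotate_log: $log: no such log file" >&2
        return 1
    fi
    # Shift existing generations up by one: .4 -> .5, ..., .0 -> .1.
    # The old .5 is overwritten, so at most six old versions remain.
    i=$MAX_GEN
    while [ "$i" -gt 0 ]; do
        prev=$((i - 1))
        if [ -f "$log.$prev" ]; then
            mv -f "$log.$prev" "$log.$i"
        fi
        i=$prev
    done
    mv -f "$log" "$log.0"
    # The page creates each log file with touch before refreshing syslogd,
    # so recreate the file right away. Mode 600 is an assumption; the page
    # does not state a mode for the log files.
    ( umask 077 && : > "$log" )
}

# Command-line use, as in the crontab entries: logrotate.sh <logfile>
if [ "$#" -gt 0 ]; then
    for f in "$@"; do
        rotate_log "$f" || exit 1
    done
    # syslogd still holds the renamed file open; make it reopen its logs.
    refresh -s syslogd
fi
```

Rotating by rename leaves syslogd writing to the renamed file until it is refreshed, which is why the refresh follows the rotation.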