Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Darren J Moffat (Darren.Moffat_at_Sun.COM)
Date: Fri Jan 17 2003 - 15:00:24 CST
On Wed, 15 Jan 2003, Ali Ernalbant wrote:
> I created `/var/adm/loginlog` as root to capture failed logins with
> permission 600. (Solaris 9)
> I changed group owner to `sys`. However when I try to make failed login
> attempts, I can not get any log
> into `/var/adm/loginlog`.
> Can anyone help me about this?
Only /bin/login uses /var/adm/loginlog. It only adds entries to that
log after RETRIES failed attempts. RETRIES is set in /etc/default/login
and is 5 by default.
If you are interested in failed login attempts I strongly suggest you
use BSM audit instead. See bsmconv(1m) for details, you need only setup
the audit class lo. The attach document shows you all you need to get
-- Darren J Moffat
- TEXT/PLAIN attachment: failed_logins