

How do you set up UNIX logging to log all dtlogin processes to a logfile?

LAST MODIFIED DATE: April 21, 2006

VERSION: This applies to all versions of Exceed

PROBLEM:

How do you log the attempts and failures of users logging in to a UNIX host via dtlogin?

SOLUTION:

There are several methods that a UNIX Administrator can set up to monitor/log the login attempts and failures:

A) It is possible to log dtlogin attempts using the syslog facility as follows:

  1. Make backup copies of the /etc/pam.conf and /etc/syslog.conf files.
  2. Edit the /etc/pam.conf file.
  3. Find the Account management section.
  4. Add the word debug to the end of the login and dtlogin lines under the Account management section. (see "Additional Information" section below).

    # Account management
    #
    login account required /usr/lib/security/pam_unix.so.1 debug
    dtlogin account required /usr/lib/security/pam_unix.so.1 debug
    #
    other account required /usr/lib/security/pam_unix.so.1

  5. Edit the /etc/syslog.conf file.

    Add ;auth.debug;user.debug to the line that defines logging to /var/adm/messages. For example, change:

    *.err;kern.debug;daemon.notice;mail.crit /var/adm/messages

    so that it looks like:

    *.err;kern.debug;daemon.notice;mail.crit;auth.debug;user.debug /var/adm/messages

  6. Alternative to /var/adm/messages

    If you don't want the logging to be in /var/adm/messages, auth.debug;user.debug can be logged to another file by adding a new line to the syslog.conf file that looks like this:

    auth.debug;user.debug /var/adm/login_log

  7. The results in either /var/adm/messages or /var/adm/login_log look like this:

    Nov 9 15:20:27 host dtlogin[733]: unix pam_sm_authenticate(dtlogin root), flags = 0
    Nov 9 15:20:28 host dtlogin[733]: pam_authenticate: error Authentication failed.
    Nov 9 15:20:53 host dtlogin[733]: unix pam_sm_authenticate(dtlogin wintest), flags = 0
    Nov 9 15:20:54 host dtlogin[733]: pam_authenticate: error Authentication failed
    Nov 9 15:21:05 host dtlogin[733]: unix pam_sm_authenticate(dtlogin wintest), flags = 0
    Nov 9 15:30:17 host dtlogin[1029]: unix pam_sm_authenticate(dtlogin root), flags = 0
    Nov 9 15:30:19 host dtlogin[1029]: pam_authenticate: error Authentication failed.

    Note that the login at 15:21:05 was successful: no "Authentication failed" line follows it.
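
The reading rule used in step 7 (an attempt line with no failure line after it from the same dtlogin process was a successful login) can be applied mechanically. The following Python is an added example, not part of the original article; the function names classify and failures_by_user are this example's own, and the sample input is the log excerpt from step 7.

```python
import re
from collections import Counter

# Log lines copied from step 7 of the article.
SAMPLE = """\
Nov 9 15:20:27 host dtlogin[733]: unix pam_sm_authenticate(dtlogin root), flags = 0
Nov 9 15:20:28 host dtlogin[733]: pam_authenticate: error Authentication failed.
Nov 9 15:20:53 host dtlogin[733]: unix pam_sm_authenticate(dtlogin wintest), flags = 0
Nov 9 15:20:54 host dtlogin[733]: pam_authenticate: error Authentication failed
Nov 9 15:21:05 host dtlogin[733]: unix pam_sm_authenticate(dtlogin wintest), flags = 0
Nov 9 15:30:17 host dtlogin[1029]: unix pam_sm_authenticate(dtlogin root), flags = 0
Nov 9 15:30:19 host dtlogin[1029]: pam_authenticate: error Authentication failed.
"""

# \s+ after the month tolerates syslog's space-padded day ("Nov  9").
ATTEMPT = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\S+) dtlogin\[(\d+)\]: "
                     r"unix pam_sm_authenticate\(dtlogin ([^)\s]+)\)")
FAILURE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} (\S+) dtlogin\[(\d+)\]: "
                     r"pam_authenticate: error Authentication failed")

def classify(log_text):
    """Return [(timestamp, user, outcome)] for every dtlogin attempt line."""
    results = []
    pending = {}  # (host, pid) -> index of the attempt still awaiting an outcome
    for line in log_text.splitlines():
        m = ATTEMPT.match(line)
        if m:
            ts, host, pid, user = m.groups()
            # Stays "success" unless a failure line from the same process follows.
            # On a live log, the newest attempt may simply not have its
            # failure line written yet.
            results.append([ts, user, "success"])
            pending[(host, pid)] = len(results) - 1
            continue
        m = FAILURE.match(line)
        if m and m.groups() in pending:
            results[pending.pop(m.groups())][2] = "failed"
    return [tuple(r) for r in results]

def failures_by_user(log_text):
    """Count failed attempts per user name."""
    return Counter(user for _, user, outcome in classify(log_text) if outcome == "failed")

if __name__ == "__main__":
    for ts, user, outcome in classify(SAMPLE):
        print(ts, user, outcome)
    print(dict(failures_by_user(SAMPLE)))
```

To run it against the real file, pass the contents of /var/adm/messages or /var/adm/login_log to classify() in place of SAMPLE.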

B) Another method involves turning on dtlogin debugging:

  1. Edit the file /etc/init.d/dtlogin, change the line:

    /usr/dt/bin/dtlogin -daemon &

    to

    /usr/dt/bin/dtlogin -daemon -debug 16 > /tmp/dtlogin.log 2>&1 &

  2. Restart dtlogin (or reboot).

  3. View the log in /tmp/dtlogin.log