May 10th, 2005, 01:14 PM
Can we audit logons and logoffs, privilege use, policy changes, object access, etc.? If so, how do I look at those logs?
May 10th, 2005, 01:20 PM
Depends on OS, and if you have these features turned on. Logging most stuff is off by default in most Windows OSes.
May 10th, 2005, 02:01 PM
Logon/logoff should be in utmp/wtmp/lastlog usually logged via syslog.
The rest depends on MAC support.
Experience is something you don't get until just after you need it.
May 13th, 2005, 01:56 PM
Most of the systems are Red Hat.
May 13th, 2005, 06:13 PM
Have a look in /var/log and see what info you have reporting to log files in here. Xferlog, Secure and Messages are going to be of peak interest to you. If it's not up to your needs, you can easily adjust logging in RH or any other *nix distro.
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
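An added example, not part of the posts above: a Python sketch that pulls logon, failed-logon and session open/close events out of lines in the style of /var/log/secure and counts failed logons per source address. The sample lines are constructed, and the message wording assumed is that of OpenSSH and pam_unix; adjust the patterns to what your release actually writes.

```python
import re
from collections import Counter

# Constructed sample lines in the syslog format sshd and PAM write to /var/log/secure.
SAMPLE = """\
May 13 18:02:11 host1 sshd[2211]: Accepted password for alice from 192.0.2.10 port 40022 ssh2
May 13 18:02:11 host1 sshd[2211]: pam_unix(sshd:session): session opened for user alice by (uid=0)
May 13 18:03:40 host1 sshd[2230]: Failed password for root from 198.51.100.7 port 51514 ssh2
May 13 18:03:44 host1 sshd[2231]: Failed password for invalid user admin from 198.51.100.7 port 51515 ssh2
May 13 18:03:49 host1 sshd[2232]: Failed password for root from 198.51.100.7 port 51516 ssh2
May 13 18:20:19 host1 sshd[2211]: pam_unix(sshd:session): session closed for user alice
May 13 18:21:00 host1 su: pam_unix(su:session): session opened for user root by alice(uid=500)
"""

# Timestamp, host, process name and optional [pid] that start every syslog line.
PREFIX = r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ (?P<proc>[\w.-]+)(?:\[\d+\])?: "
AUTH = re.compile(PREFIX + r"(?P<result>Accepted|Failed) \S+ for (?P<invalid>invalid user )?"
                  r"(?P<user>\S+) from (?P<ip>\S+) port \d+")
SESSION = re.compile(PREFIX + r"pam_unix\((?P<svc>[^:]+):session\): "
                     r"session (?P<state>opened|closed) for user (?P<user>\S+)")

def parse(lines):
    """Turn log lines into event dicts; lines matching neither pattern are skipped."""
    events = []
    for line in lines:
        m = AUTH.match(line)
        if m:
            kind = "login_ok" if m["result"] == "Accepted" else "login_failed"
            events.append({"ts": m["ts"], "kind": kind, "user": m["user"],
                           "ip": m["ip"], "invalid_user": bool(m["invalid"])})
            continue
        m = SESSION.match(line)
        if m:
            events.append({"ts": m["ts"], "kind": "session_" + m["state"],
                           "user": m["user"], "service": m["svc"]})
    return events

def failed_by_source(events, threshold=3):
    """Source addresses with at least `threshold` failed logons."""
    counts = Counter(e["ip"] for e in events if e["kind"] == "login_failed")
    return {ip: n for ip, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    evs = parse(SAMPLE.splitlines())
    for e in evs:
        print(e)
    print("sources at or over threshold:", failed_by_source(evs))
```

To run it against a real file, pass the lines of /var/log/secure (readable by root only on most systems) to `parse` instead of `SAMPLE`.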
June 15th, 2005, 12:07 AM
If you're looking specifically for logins I'm guessing something in /var/log/messages would tell you something. Otherwise if it's the failed logins you're worried about, it's in /var/log/faillog.
Try checking through all the messages if it's the former because I have 4 message files in /var/log/*
June 15th, 2005, 02:32 AM
Ummm.... don't bring up old threads?