Can we audit logons and logoffs, privilege use, policy changes, object access, etc.? If so, how do I look at those logs?
Depends on the OS, and whether you have these features turned on. Logging most stuff is off by default in most Windows OSes.
Logon/logoff should be in utmp/wtmp/lastlog, usually logged via syslog.
The rest depends on MAC support.
Most of the systems are Red Hat.
Have a look in /var/log and see what info you have reporting to log files in here. Xferlog, Secure and Messages are going to be of peak interest to you. If it's not up to your needs, you can easily adjust logging in RH or any other *nix distro.
--Th13
If you're looking specifically for logins, I'm guessing something in /var/log/messages would tell you something. Otherwise, if it's the failed logins you're worried about, it's in /var/log/faillog.
Try checking through all the messages if it's the former, because I have 4 message files in /var/log/*.
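One way to pull logon, logoff and failed-logon events out of a Red Hat /var/log/secure file, as an added example that is not part of any post in this thread. The sample lines are constructed, the function names are hypothetical, and the message patterns assume the usual sshd and pam_unix wording.

```python
import re
from collections import Counter

# Constructed sample lines in the traditional syslog format used by /var/log/secure.
SAMPLE = """\
Mar  3 09:14:02 host1 sshd[2211]: Accepted password for alice from 192.0.2.10 port 51122 ssh2
Mar  3 09:14:02 host1 sshd[2211]: pam_unix(sshd:session): session opened for user alice by (uid=0)
Mar  3 09:20:45 host1 sshd[2290]: Failed password for invalid user admin from 198.51.100.7 port 40022 ssh2
Mar  3 09:20:49 host1 sshd[2290]: Failed password for root from 198.51.100.7 port 40022 ssh2
Mar  3 09:41:10 host1 sshd[2211]: pam_unix(sshd:session): session closed for user alice
Mar  3 10:02:31 host1 su: pam_unix(su:session): session opened for user root by alice(uid=500)
"""

# timestamp, host, service name, optional [pid], then the message text
HEADER = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\S+) ([\w.-]+)(?:\[\d+\])?: (.*)$")
RULES = [
    ("logon_ok", re.compile(r"^Accepted (\S+) for (?P<user>\S+) from (?P<src>\S+)")),
    ("logon_failed", re.compile(r"^Failed \S+ for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)")),
    ("session_open", re.compile(r"session opened for user (?P<user>[^\s(]+)")),
    ("session_close", re.compile(r"session closed for user (?P<user>\S+)")),
]

def parse_secure(text):
    """Return one dict per recognised logon/logoff event, in file order."""
    events = []
    for line in text.splitlines():
        head = HEADER.match(line)
        if not head:
            continue  # not a syslog line (blank or truncated)
        when, host, service, msg = head.groups()
        for kind, rx in RULES:
            m = rx.search(msg)
            if m:
                events.append({"time": when, "host": host, "service": service,
                               "kind": kind, "user": m.group("user"),
                               "src": m.groupdict().get("src")})
                break
    return events

def failed_by_source(events):
    """Count failed logons per source address."""
    return Counter(e["src"] for e in events if e["kind"] == "logon_failed")

if __name__ == "__main__":
    evs = parse_secure(SAMPLE)
    for e in evs:
        print(e["time"], e["kind"], e["user"], e["src"] or "-")
    print(dict(failed_by_source(evs)))
```

To run it against a real system, pass the contents of /var/log/secure (normally readable only by root) to `parse_secure` in place of `SAMPLE`.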
Ummm.... don't bring up old threads?