Need Help On Log Files

hi. i'm new on this ( Solaris ) .. could someone help me on this ..

When someone telnets to my Solaris server, it doesn't create a log file, which the system is supposed to do .. the system only logs when a user does su - to the root account ..

here is my syslog.conf ..

# more /var/adm/messages

# more /var/adm/loginlog

# more /var/adm/remote_ip

# more /etc/syslog.conf
#ident	"@(#)syslog.conf	1.4	96/10/11 SMI"	/* SunOS 5.0 */
#
# Copyright (c) 1991-1993, by Sun Microsystems, Inc.
#
# syslog configuration file.
#
# This file is processed by m4 so be careful to quote (`') names
# that match m4 reserved words.  Also, within ifdef's, arguments
# containing commas must be quoted.
#
#
*.err;kern.notice;auth.notice	/dev/console
*.err;kern.debug;deamon.notice;mail.crit	/var/adm/messages
*.alert;kern.err;daemon.err	operator
*.alert	root
*.emerg	*
# if a non-loghost machine chooses to have authentication messages
# sent to the loghost machine, un-comment out the following line:
#auth.notice	ifdef(`LOGHOST', /var/log/authlog, @loghost)
mail.debug	ifdef(`LOGHOST', /var/log/syslog, @loghost)
#
# non-loghost machines will use the following lines to cause "user"
# log messages to be logged locally.
#
ifdef(`LOGHOST', ,
user.err	/dev/console
user.err	/var/adm/messages
user.alert	`root, operator'
user.emerg	*
)
*.err;kern.debug;daemon.notice	/var/opt/FJSVmadm/evh/evh_pipe
# BEGIN RAID Manager additions
# DO NOT EDIT from BEGIN above to END below...
user.err	/dev/console
user.err	/var/adm/messages
# END RAID Manager additions
# Start of lines added by NetWorker - DO NOT DELETE OR CHANGE THIS LINE
# installed by postinstall on Mon Jul 21 12:45:19 GMT 2003
daemon.notice	/dev/console
daemon.notice	/nsr/logs/messages
daemon.notice	operator
local0.notice	/nsr/logs/summary
local0.alert	root, operator
# End of lines added by NetWorker - DO NOT DELETE OR CHANGE THIS LINE
#

meanwhile here is my inetsvc file,

WARNING: Authorized Personel Only
WARNING : You MUST HAVE PRIOR AUTHORIZATION to access this system.
All connection are logged and monitored. By connecting to this
system you are fully consent to all monitoring.
UNAUTHORIZED access or USE will be PROSECUTED to the full extent
of the law. You Have BEEN WARNED.

login: ********
Password:
Last login: Tue Jan 4 11:34:12 from X.X.X.X
Sun Microsystems Inc.	SunOS 5.6	Generic August 1997
You have mail.

$ more /etc/init.d/inetsvc
#!/bin/sh
#
# Copyright (c) 1995, by Sun Microsystems, Inc.
# All Rights Reserved
#
#ident	"@(#)inetsvc	1.16	97/04/17 SMI"
#
# This is third phase of TCP/IP startup/configuration.  This script
# runs after the NIS/NIS+ startup script.  We run things here that may
# depend on NIS/NIS+ maps.
#
#
# XXX - We need to give ypbind time to bind to a server.
#
sleep 5
#
# Re-set the netmask and broadcast addr for all IP interfaces.  This
# ifconfig is run here, after NIS has been started, so that "netmask
# +" will find the netmask if it lives in a NIS map.
# The 'D' in -auD tells ifconfig NOT to mess with the interface
# if it is under DHCP control
#
/usr/sbin/ifconfig -auD netmask + broadcast +
# This is a good time to verify that all of the interfaces were
# correctly configured. But this is too noisy to run every time we
# boot.
#
# echo "network interface configuration:"
# /usr/sbin/ifconfig -a
#
# If this machine is configured to be an Internet Domain Name
# System (DNS) server, run the name daemon.
# Start named prior to: route add net host, to avoid dns
# gethostbyname timout delay for nameserver during boot.
#
if [ -f /usr/sbin/in.named -a -f /etc/named.boot ]; then
	/usr/sbin/in.named;	echo "starting internet domain name server."
fi
#
# Warning: The umask is 000 during boot, which requires explicit setting
# of file permission modes.
#
# Configure DNS where used
dnsdomain=`/sbin/dhcpinfo DNSdmain`
if [ -n "$dnsdomain" ]; then
	dnsservers=`/sbin/dhcpinfo DNSserv`
	if [ -n "$dnsservers" ]; then
		if [ -f /etc/resolv.conf ]; then
			sed -e '/^domain/d' -e '/^nameserver/d' \
			    /etc/resolv.conf > /etc/resolv.conf.$$
		fi
		echo "domain $dnsdomain" >> /etc/resolv.conf.$$
		for name in $dnsservers; do
			echo nameserver $name >> /etc/resolv.conf.$$
		done
	else
		if [ -f /etc/resolv.conf ]; then
			sed -e '/^domain/d' /etc/resolv.conf > /etc/resolv.conf.$$
		fi
		echo "domain $dnsdomain" >> /etc/resolv.conf.$$
	fi
	mv /etc/resolv.conf.$$ /etc/resolv.conf
	chmod 644 /etc/resolv.conf
	# Add dns to the nsswitch file, if it isn't already there.
	/usr/bin/awk ' $1 ~ /^hosts:/ {
	    n = split($0, a);
	    newl = a[1];
	    if ($0 !~ /dns/) {
		printf("#%s # Commented out by DHCP\n", $0);
		updated = 0;
		for (i = 2; i <= n; i++) {
		    if (updated == 0 && index(a[i], "[") == 1) {
			newl = newl" dns";
			updated++;
		    }
		    newl = newl" "a[i];
		}
		if (updated == 0) {
		    newl = newl" dns";
		    updated++;
		}
		if (updated != 0)
		    newl = newl" # Added by DHCP";
		else
		    newl = $0;
		printf("%s\n", newl);
	    } else
		printf("%s\n", $0);
	} $1 !~ /^hosts:/ { printf("%s\n", $0); }' /etc/nsswitch.conf > /etc/nsswitch.conf.$$
	mv /etc/nsswitch.conf.$$ /etc/nsswitch.conf
	chmod 644 /etc/nsswitch.conf
else
	# if we added DNS to a hosts line in the nsswitch, remove it.
	sed -e '/# Added by DHCP$/d' -e 's/^\(#hosts:\)\(.*[^#]\)\(#.*\)$/hosts:\2/' /etc/nsswitch.conf > /etc/nsswitch.conf.$$
	mv /etc/nsswitch.conf.$$ /etc/nsswitch.conf
	chmod 644 /etc/nsswitch.conf
fi
hostname=`/sbin/dhcpinfo Hostname`
if [ $? -eq 0 ]; then
	if [ -z "$hostname" ]; then
		hostname=`uname -n`
	fi
	ipaddr=`/sbin/dhcpinfo Yiaddr`
	thostent=`grep -s "^${ipaddr}" /etc/inet/hosts`
	if [ $? -eq 0 ]
	then
		# IP address is already in the hosts file. Ensure the
		# associated hostname is the same as what we received
		# via dhcp.
		echo $thostent | \
		(
			read tip thost etc;
			sed -e "/$ipaddr/s/$thost/$hostname/" /etc/inet/hosts > /etc/inet/hosts.temp;
		)
	else
		cp -p /etc/inet/hosts /etc/inet/hosts.temp
		echo "$ipaddr	$hostname	# Added by DHCP" >> /etc/inet/hosts.temp
	fi
	# update loopback transport hosts files
	for inet in /etc/net/*/hosts
	do
		echo "# RPC hosts" > ${inet}
		echo "${hostname}	${hostname}" >> ${inet}
		chmod 644 ${inet}
	done
	mv /etc/inet/hosts.temp /etc/inet/hosts
	chmod 644 /etc/inet/hosts
fi
#
# Add a static route for multicast packets out our default interface.
# The default interface is the interface that corresponds to the node name.
#
mcastif=`/sbin/dhcpinfo Yiaddr`
if [ $? -ne 0 ]; then
	mcastif=`uname -n`
fi
#echo "Setting default interface for multicast: \c"
#/usr/sbin/route add -interface -netmask "240.0.0.0" "224.0.0.0" "$mcastif"
#
# Run inetd in "standalone" mode (-s flag) so that it doesn't have
# to submit to the will of SAF.  Why did we ever let them change inetd?
#
/usr/sbin/inetd -s
$

p/s: i've already tested this method .. but it didn't work..

1. cd /etc/init.d
2. vi inetsvc
3. Change the last line in the file, ie
   /usr/sbin/inetd -s &
   to /usr/sbin/inetd -s -t &
4. Stop and start that script
   ./inetsvc stop
   ./inetsvc start
5. vi /etc/syslog.conf
6. Add the following line
   deamon.notice	/var/adm/name_of_log_file ( the two fields should be separated by tabs )
7. touch /var/adm/name_of_log_file
8. kill -HUP syslogd

After these changes are made, all connections that are started through the inetd daemon ( Telnet , FTP , etc. ) will be logged to the new file created.

This is also very useful for auditing purposes: with the NTP protocol enabled, which gives us a consistent time throughout the enterprise, accountability can be implemented in the organisation.

really? need help here

thanks in advance ..

[9292 byte] By [amri] at [2007-11-25 22:59:10]
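An added check, not from any post in this thread, that a reader can run over a syslog.conf before sending syslogd a HUP. It catches the two things the procedure above depends on: a facility name that syslogd does not know, and a selector/action pair separated by spaces instead of a tab (step 6). The facility and priority lists are the ones documented for Solaris syslog.conf; the configuration inside the script is constructed for the example, but it reproduces the `deamon.notice` spelling that appears both in the posted /var/adm/messages line and in step 6. syslogd's facility is `daemon`, so a selector written `deamon.notice` never matches a message from inetd, which is consistent with nothing turning up in /var/adm/messages.

```python
"""Lint a Solaris-style syslog.conf for selectors syslogd would not honour.

Example code only; the sample configuration below is constructed for
the demonstration and is not any poster's real file.
"""

# Facility and priority names accepted in Solaris syslog.conf selectors.
FACILITIES = {"user", "kern", "mail", "daemon", "auth", "lpr", "news",
              "uucp", "cron", "audit", "mark", "*"} | {f"local{i}" for i in range(8)}
PRIORITIES = {"emerg", "alert", "crit", "err", "warning", "notice",
              "info", "debug", "none"}


def check_syslog_conf(text):
    """Return [(line_number, problem)] for lines syslogd would reject or ignore.

    Blank lines, comments and the bare m4 wrapper lines (``ifdef(`` / ``)``)
    are skipped; an ifdef used as the *action* is fine because only the
    selector is inspected.
    """
    problems = []
    for lineno, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if (not stripped or stripped.startswith("#")
                or stripped.startswith("ifdef(") or stripped == ")"):
            continue

        # Solaris syslogd wants a tab between selector and action.
        if "\t" in line:
            selector = line.split("\t", 1)[0].strip()
        else:
            problems.append((lineno, "selector and action must be separated by a tab"))
            selector = stripped.split()[0]

        # A selector is facility[,facility].priority, several joined by ';'.
        for sel in selector.split(";"):
            if "." not in sel:
                problems.append((lineno, f"selector '{sel}' has no '.priority' part"))
                continue
            facilities, priority = sel.rsplit(".", 1)
            for fac in facilities.split(","):
                if fac not in FACILITIES:
                    problems.append((lineno, f"unknown facility '{fac}' in '{sel}'"))
            if priority not in PRIORITIES:
                problems.append((lineno, f"unknown priority '{priority}' in '{sel}'"))
    return problems


# Constructed sample: line 2 carries the 'deamon' misspelling, line 3 has
# both the misspelling and a space instead of a tab, lines 4 and 5 are fine.
SAMPLE_CONF = (
    "*.err;kern.notice;auth.notice\t/dev/console\n"
    "*.err;kern.debug;deamon.notice;mail.crit\t/var/adm/messages\n"
    "deamon.notice /var/adm/inetdlog\n"
    "daemon.notice\t/var/adm/inetdlog\n"
    "mail.debug\tifdef(`LOGHOST', /var/log/syslog, @loghost)\n"
)

if __name__ == "__main__":
    for lineno, problem in check_syslog_conf(SAMPLE_CONF):
        print(f"line {lineno}: {problem}")
```

Run against a real file with `check_syslog_conf(open("/etc/syslog.conf").read())`. Because the NetWorker lines in the posted configuration spell `daemon.notice` correctly, inetd's messages would land in /nsr/logs/messages and on the console rather than in /var/adm/messages, so checking that file as well is a sensible next step after the typo is corrected.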
# 1
has anyone encountered this kind of problem before .. if yes .. please help me on this .. :(
amri at 2007-7-5 17:14:29
# 2
What sort of logging are you after? Just session start end times, or activity as well?
SimonM at 2007-7-5 17:14:29
# 3

something like ;

Dec 1 15:52:56 Myhostname inetd[2762]: from x.x.x.x 2248

if i'm not mistaken this is the default system logging when someone telnets or ftps to the machine,

i tried to add the syntax -t & in /etc/init.d/inetsvc but the output is not what i want ..

Dec 29 22:01:29 Myhostname inetd[24036]; rn/tcp: bind: Address already in use

Dec 29 22:01:29 Myhostname inetd[24036]; pop3/tcp: bind: Address already in use

Dec 29 22:01:29 Myhostname inetd[24036]; imap/tcp: bind: Address already in use

Dec 29 22:01:29 Myhostname inetd[24036]; xaudio/tcp: bind: Address already in use

Dec 29 22:01:29 Myhostname inetd[24036]; dtspc/tcp: bind: Address already in use

Dec 29 22:01:29 Myhostname inetd[24036]; fs/tcp: bind: Address already in use

Dec 29 22:01:29 Myhostname inetd[24036]; chargen/tcp: bind: Address already in use

Dec 29 22:01:29 Myhostname inetd[24036]; daytime/tcp: bind: Address already in use

Dec 29 22:01:29 Myhostname inetd[24036]; discard/tcp: bind: Address already in use

Dec 29 22:01:29 Myhostname inetd[24036]; time/tcp: bind: Address already in use

Dec 29 22:01:29 Myhostname inetd[24036]; finger/tcp: bind: Address already in use

Dec 29 22:01:29 Myhostname inetd[24036]; exec/tcp: bind: Address already in use

Dec 29 22:01:29 Myhostname inetd[24036]; login/tcp: bind: Address already in use

Dec 29 22:01:29 Myhostname inetd[24036]; shell/tcp: bind: Address already in use

Dec 29 22:01:29 Myhostname inetd[24036]; telnet/tcp: bind: Address already in use

Dec 29 22:01:29 Myhostname inetd[24036]; ftp/tcp: bind: Address already in use

and the messages keep logging every 14 sec

p/s: i've checked the syslog.conf (as shown above); deamon.notice has already been added, but when i checked the log in its location i found nothing logged for activity such as telnet and ftp into the machine. The same happened to the file /var/adm/messages

thanks for the reply,

amri at 2007-7-5 17:14:29
# 4
hello .. is there someone who can help me solve this problem.. thanks
amri at 2007-7-5 17:14:29
# 5
:) Just solved my problems this morning .. thought I'd share with you all out there ... may come in handy in future http://www.cert.org/security-improvement/implementations/i80 41.08.html
amri at 2007-7-5 17:14:29
# 6

amri wrote on Fri, 14 January 2005 07:05:

    :)
    Just Solving my problems this morning .. thought wanna share with you all out there ... maybe come handy in future
    http://www.cert.org/security-improvement/implementations/i80 41.08.html

Hello Amri,

I too have the same problem.

Are you online now?

Will you please write the remedy in a few lines?

I am unable to open the link and hence cannot find the solution.

Please help

Thanks in advance.

Samuel

Samuel at 2007-7-5 17:14:29
# 7

Samuel,

No, amri is not online now.

Click their profile name and you will see they have not visited for almost one year.

Try this link instead, and that will get you to the website that they mentioned.

http://www.cert.org/security-improvement/

Search your issue when you get there.

It appears that amri found answers by searching that 3rd party resource, so perhaps you can find usable information over there, as well.

rukbat at 2007-7-5 17:14:29
# 8

Hello Rukbat,

I have been searching that page and cannot find appropriate answer.

Can you suggest any other source.

If you are associated with Sun I would be thankful for your help.

Why am I not able to receive a syslog message when a user other than root attempts to login?

That is my question in short.

Do I need to append any specific line in the syslog.conf file ?

Thanks.

Samuel

Samuel at 2007-7-5 17:14:29
# 9

No, Samuel, I am not associated with Sun.

If you glance at the "Notice to Users" paragraph that is at the bottom of the page,

you will see that this is not Sun technical support.

These are user-to-user forums.

We can hope that someone chooses to provide guidance,

but there is no requirement that anyone respond.

Even the forum moderator hasn't logged in since 2003.

In truth, that link to www.cert.org would be the best choice,

plus a few searches at Google, Docs.Sun.Com and maybe Sunsolve.Com.

I do not have any personal experience with this issue,

so I cannot give any information that would be of value.

rukbat at 2007-7-5 17:14:29
# 10
Alright, rukbat. Thanks for the information. I shall go ahead and search the net and probably post a mail to Sun support and then post the reply here if possible. Thanks again. Samuel
Samuel at 2007-7-5 17:14:30