Re: [Fed-Talk] Auditing User Login/Logout Events
Re: [Fed-Talk] Auditing User Login/Logout Events
- Subject: Re: [Fed-Talk] Auditing User Login/Logout Events
- From: Todd Heberlein <email@hidden>
- Date: Mon, 13 Mar 2006 10:08:19 -0800
I tried just using the "lo" flags this weekend, and I don't think it
is what you need. Another possibility, although perhaps less
reliable, is to use the "last" command from the Terminal or access /
var/log/wtmp file directly.
Todd
On Mar 11, 2006, at 4:46 PM, Todd Heberlein wrote:
On Mar 9, 2006, at 2:29 PM, Joshua Weinstein wrote:
I am aware of the common criteria audit tools and have installed
them on our server. I would like to know if anyone has
suggestions on how to simplify the audit logs to only record user
login/logout events.
Have you tried setting the audit flags to just "lo"?
The flags are set in /etc/security/audit_control
and the new line would be:
flags:lo
I haven't tested this yet (I keep my flags set to "all" :-), so I
don't know if it will work or not.
Todd
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden