Lists

Terms and Conditions
Lists hosted on this site
Email the Postmaster
Tips for posting to public mailing lists

Re: [Fed-Talk] Auditing User Login/Logout Events

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Fed-Talk] Auditing User Login/Logout Events

Subject: Re: [Fed-Talk] Auditing User Login/Logout Events
From: Todd Heberlein <email@hidden>
Date: Mon, 13 Mar 2006 10:08:19 -0800

I tried just using the "lo" flags this weekend, and I don't think it is what you need. Another possibility, although perhaps less reliable, is to use the "last" command from the Terminal or access / var/log/wtmp file directly.

Todd


On Mar 11, 2006, at 4:46 PM, Todd Heberlein wrote:

On Mar 9, 2006, at 2:29 PM, Joshua Weinstein wrote:
I am aware of the common criteria audit tools and have installed them on our server. I would like to know if anyone has suggestions on how to simplify the audit logs to only record user login/logout events.
Have you tried setting the audit flags to just "lo"?
The flags are set in /etc/security/audit_control
and the new line would be:
flags:lo
I haven't tested this yet (I keep my flags set to "all" :-), so I don't know if it will work or not.
Todd


_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden



References:  
  >[Fed-Talk] Auditing User Login/Logout Events (From: Joshua Weinstein <email@hidden>)
  >Re: [Fed-Talk] Auditing User Login/Logout Events (From: Todd Heberlein <email@hidden>)




Prev by Date:
[Fed-Talk] Nice Application

Next by Date:
[Fed-Talk] Opening a port on xserve

Previous by thread:
Re: [Fed-Talk] Auditing User Login/Logout Events

Next by thread:
[Fed-Talk] Re: Auditing User Login/Logout Events

Index(es):

Date
Thread