Little questin bout' an automated message from SYSLOG.LOG

[ratbs75]

Hi,

I want to know HOW I could programm somthing to let me know if an SU command were recently used (at least 5 minutes...). I'd say programming it into a Crontab which check every 5 mins after an SU command in the syslog.log file... but I don't really know how to let me KNOW about if any NEW su command used... It's just be able to monitor online use of "su"... thnx in advance... (make it easy, i'm a newbie
I used to type
#cat /var/adm/syslog/syslog.log | grep root | more
This shows me the 'root's login line, and WHO used the su command, as no direct root login is possible.

thnx in advance

 

[DSMARWAY]

hi,

if someone attempts to su as another user , it will be logged in /var/adm/sulog

so just check this file .

HTH

 

[bi]

I have a script that might be adapted to do what you want it to do. Someone from Tek-Tips sent it to me. (it is used on another Unix operating system, but you can adapt it for what you want to do, I think.)

What the script does is run a command and count the number of lines it gets back from the command. It saves the count in a file. Then, 5 minutes later, it runs the command again. If the count changes (either up or down), it sends an email to whoever I have specified through the /etc/aliases file.

You could change the script to grep through /var/adm/sulog, or just count the number of lines and then email you if the number has gone up.

Post your email if you want me to send you the script.

 

[ratbs75]

thnx alot, i'll look at it: send it to BS_GAMER@HOTMAIL.COM, thnx in advance