To control the output destination for syslog messages on UNIX or Linux:
- Modify the syslog.conf file, which may be located in the /etc/ directory. (It is not necessarily in a standard location on a server.)
- Create a file to hold the messages and then insert a line into the syslog.conf file such as:
*.info	/usr/USERNAME/AccessLogMessages
Note: The specified file must exist before adding this entry in the syslog.conf file.
The UNIX system handles successful access and failed access messages as *.info and *.notice, respectively:
- Successful access attempts are recorded as priority LOG_INFO.
- Failed access attempts are recorded as priority LOG_NOTICE.
- Get the new entry (in the syslog.conf file) recognized by doing one of the following:
Note: The syslog.pid file can be located in different areas on different machines. This is just an example.
The following is a sample of the output:
Jun 11 12:19:28 dvwflx1 ENOVIA[16313]: User creator: successful login. (clientHOST=1.1.1.1, IP address=testmachine, MAC address=00-1A-A0-BC-52-06)
Jun 11 12:19:28 dvwflx1 ENOVIA[16313]: User p: successful login. (clientHOST=1.1.1.1, IP address=testmachine, MAC address=00-1A-A0-BC-52-06)
A new entry is not added if the prior entry is the same. Instead, the number of times that the entry is repeated is entered, followed by the next entry that is different.
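Because repeated entries are collapsed, counting lines in the file undercounts logins. The following added example (not part of the product documentation) parses the entry format shown in the sample output and expands repeat markers. It assumes the daemon writes the classic syslogd marker "last message repeated N times"; the marker lines and the cron line in the sample are constructed.

```python
import re
from collections import Counter

TS = r"\w{3}\s+\d+\s[\d:]{8}\s\S+\s"  # e.g. "Jun 11 12:19:28 dvwflx1 "
# Entry layout taken from the sample output on this page.
ENTRY = re.compile(
    TS + r"ENOVIA\[\d+\]:\sUser (?P<user>.+?): successful login\.\s\((?P<fields>.*)\)$")
# Assumption: classic syslogd wording for a suppressed duplicate.
REPEAT = re.compile(TS + r"last message repeated (?P<n>\d+) times?$")

def parse_entry(line):
    """Return a dict for a successful-login entry, or None for any other line."""
    m = ENTRY.match(line)
    if not m:
        return None
    rec = {"user": m.group("user")}
    for pair in m.group("fields").split(", "):
        key, _, value = pair.partition("=")
        rec[key] = value
    return rec

def count_logins(lines):
    """Count successful logins per (user, clientHOST), expanding repeat markers."""
    counts = Counter()
    last = None  # what the next repeat marker refers to; None if not a login
    for line in lines:
        line = line.rstrip("\n")
        rep = REPEAT.match(line)
        if rep:
            # A marker repeats the previous line written to the file, which
            # with a *.info selector may come from another program entirely.
            if last is not None:
                counts[last] += int(rep.group("n"))
            continue
        rec = parse_entry(line)
        last = (rec["user"], rec.get("clientHOST")) if rec else None
        if last is not None:
            counts[last] += 1
    return counts

DETAILS = "(clientHOST=1.1.1.1, IP address=testmachine, MAC address=00-1A-A0-BC-52-06)"
SAMPLE = [  # constructed input modelled on the sample output above
    "Jun 11 12:19:28 dvwflx1 ENOVIA[16313]: User creator: successful login. " + DETAILS,
    "Jun 11 12:19:40 dvwflx1 last message repeated 2 times",
    "Jun 11 12:19:41 dvwflx1 ENOVIA[16313]: User p: successful login. " + DETAILS,
    "Jun 11 12:20:02 dvwflx1 cron[412]: (root) CMD (run-parts /etc/cron.hourly)",
    "Jun 11 12:20:05 dvwflx1 last message repeated 3 times",
]
```
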