Chuck Swiger wrote:
tried the syslog changed it to auth.debug restarted the daemon tried changing my password but did not log the succsessful change. here is my syslog.conf fileSean Murphy wrote:
Chuck Swiger wrote:
Look at syslogd (/etc/syslog.conf) and /var/log/security or /var/log/auth.log, I suspect that what you want to see is already being logged there.I checked out syslog.conf and did not see what to uncomment to add the passwd logging it currently logs bad logins and su but not successful changed passwds then I had a look at /var/log/security but nothing was in that file. hmm would I have to add a line to the syslog.conf file to log this type of activity?
Take a look at the end of /usr/src/usr.bin/passwd/local_passwd.c:
[ ... ]
if (!pw_mkdb(uname))
pw_error((char *)NULL, 0, 1);
#ifdef LOGGING
syslog(LOG_DEBUG, "user %s changed their local password\n", uname);
#endif
return (0);
}
This message is being logged at DEBUG priority level, so I believe you should change the line in /etc/syslog.conf from "auth.info" to "auth.debug" and restart syslogd.
Or you could adjust this code to log using a higher priority (or write the info to a file directly, or whatever else you like), and build and reinstall the passwd binary with your changes.
# $FreeBSD: src/etc/syslog.conf,v 1.13.2.4 2003/05/12 13:59:23 yar Exp $
#
# Spaces ARE valid field separators in this file. However,
# other *nix-like systems still insist on using tabs as field
# separators. If you are sharing this file between systems, you
# may want to use only tabs as field separators here.
# Consult the syslog.conf(5) manpage.
*.err;kern.debug;auth.notice;mail.crit /dev/console
*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err /var/log/messages
security.* /var/log/security
auth.debug;authpriv.info /var/log/auth.log
mail.info /var/log/maillog
lpr.info /var/log/lpd-errs
cron.* /var/log/cron
*.emerg *
# uncomment this to log all writes to /dev/console to /var/log/console.log
#console.info /var/log/console.log
# uncomment this to enable logging of all log messages to /var/log/all.log
# touch /var/log/all.log and chmod it to mode 600 before it will work
#*.* /var/log/all.log
# uncomment this to enable logging to a remote loghost named loghost
#*.* @loghost
# uncomment these if you're running inn
# news.crit /var/log/news/news.crit
# news.err /var/log/news/news.err
# news.notice /var/log/news/news.notice
!startslip
*.* /var/log/slip.log
!ppp
*.* /var/log/ppp.log
anything wrong with this conf? _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
