From: "Bo Phan"
Subject: aureport does not log logins
Date: Wed, 25 Jun 2008 09:28:10 -0600
To: linux-audit@redhat.com

OS: Suse 9.3
aureport version 1.6.2

I know it's something that I need to see but I've been struggling with this project for so long. When I do aureport, logins (either successful or failed) are not shown.
I watch the /var/log/audit/audit.log and it does not log any login attempts. Frankly, my audit.rules has the following
-w /var/log/faillog -p wa -k logins
-w /var/log/lastlog -p wa -k logins
But I guess it only watches changes in these 2 logs.

Also, the /var/log/messages does show all login attempts if it points to something. Thanks all for your help.
Bo