Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
/var/adm/messages and /var/adm/syslog 1
- Thread starter prv3116
- Start date
/var/adm/syslog is one of the many possible default locations for the syslog. Personally, I prefer /var/adm/ras/syslog though. It is only activated if there is an entry in /etc/syslog.conf. By default though, I believe the syslog is off in AIX, but I could be wrong.
/var/adm/messages is the same I believe, but is a lower level priority of messages.
Bill.
/var/adm/messages is the same I believe, but is a lower level priority of messages.
Bill.
Are you also talking about auditing?
-
1
- Thread starter
- #4
No, I don't believe it is auditing.
At a previous company, we used /var/adm/messages to log information pertaining to reboots, disk space, etc. This was just kinda misc info for us.
We used /var/adm/syslog (not sure of exact path) for information pertaining to transmissions, mail, etc. I could check this one when I was testing new email and beeper notifications.
Then it seems like there was another log that tracked some user information, failed logins, etc. We kept an eye on this one for security reasons. For example, once we had a system halt and later found in this log that our security department had been doing some port scans that flooded the system and we went cpu bound.
It's been a while and I don't know how these were set up and how to differentiate the different types of messages. I believe the reference you included for the syslogd will get me where I want. Thanks for your help and any other input you can offer!
Remember, amateurs built the Ark, professionals built the Titanic.
At a previous company, we used /var/adm/messages to log information pertaining to reboots, disk space, etc. This was just kinda misc info for us.
We used /var/adm/syslog (not sure of exact path) for information pertaining to transmissions, mail, etc. I could check this one when I was testing new email and beeper notifications.
Then it seems like there was another log that tracked some user information, failed logins, etc. We kept an eye on this one for security reasons. For example, once we had a system halt and later found in this log that our security department had been doing some port scans that flooded the system and we went cpu bound.
It's been a while and I don't know how these were set up and how to differentiate the different types of messages. I believe the reference you included for the syslogd will get me where I want. Thanks for your help and any other input you can offer!
Remember, amateurs built the Ark, professionals built the Titanic.
Hi, your last message may have refered to the file that logs all logins, rlogins and tn sessions: "/var/adm/wtmp". If you don't have system accounting running, this file grows indefinitely and can even cause /var to be full if you don't watch it!
- Status
Similar threads
- Locked
- Question