0 Replies Latest reply: Oct 5, 2013 3:59 PM by PKROETSCH

Syslog not sending Logon Alerts

PKROETSCH

Hello,

 

I am required for compliance to track all user account activity. Therefore I need to track logon/logoff and login failures.

 

I have syslog configured on my filer but it only sends login failure messages out through syslog. Here is my syslog config.

 

Any help would be appreciated.

 

Thanks,

 

 

 

# $Id: //depot/prod/DOT/R8.0.3x/ontap/files/syslog.conf.sample#1 $
# Copyright (c) 1994-1996 Network Appliance.
# All rights reserved.
# Sample syslog.conf file.  Copy to /etc/syslog.conf to use.
# You must use TABS for separators between fields.

# Log messages of priority info or higher to the console and to /etc/messages
*.info                                  /dev/console
*.info                                  /etc/messages

# Edit and uncomment following line to log all messages of priority
# err or higher and all kernel messages to a remote host, e.g. adminhost
# *.err;kern.*                          @adminhost

# Edit and uncomment following line to log all messages of priority
# err or higher and all kernel messages to the local7 facility of the
# syslogd on a remote host, e.g. adminhost.
# *.err;kern.*                          local7.*@adminhost

# Edit and uncomment following line to log all messages of priority
# err or higher and all kernel messages to a remote host, e.g. adminhost,
# at priority debug.
# *.err;kern.*                          *.debug@adminhost

# Edit and uncomment following line to log all messages of priority
# err or higher and all kernel messages to the local5 facility of the
# syslogd on a remote host, e.g. adminhost, at priority info.
# *.err;kern.*                          local5.info@adminhost

#Remote logging to LEM

#*.info local7.*@XXX.XXX.XXX.XXX
#AUTH
#*.* @XXX.XXX.XX.XX
#authpriv.* local7.*@XXX.XXX.XX.XX

#kern.info local7.*@XXX.XXX.XX.XX

*.info @XXX.XXX.XX.XX
auth.debug @XXX.XXX.XX.XX
authpriv.debug @XXX.XXX.XX.XX
kern.info @XXX.XXX.XX.XX
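The sample file's comments describe two rules: fields must be separated by TABs, and a selector such as `*.info` means "priority info or higher". The following is an added example, not part of the original post and not NetApp code, that checks both over a syslog.conf-style file. It assumes standard BSD selector semantics; the function names, the sample lines and the address 192.0.2.10 are constructed for illustration.

```python
# Severities from most to least severe (standard BSD syslog ordering).
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def parse_conf(text):
    """Return (rules, problems); a rule is (selector, action, line_no)."""
    rules, problems = [], []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no rule
        if "\t" not in line:
            problems.append((no, "fields not separated by TAB"))
        parts = line.split(None, 1)  # tolerate spaces so matching still works
        if len(parts) != 2:
            problems.append((no, "missing action field"))
            continue
        rules.append((parts[0], parts[1].strip(), no))
    return rules, problems

def selector_matches(selector, facility, level):
    """True if facility.level is selected; 'fac.pri' means pri or higher."""
    for item in selector.split(";"):
        fac, _, pri = item.partition(".")
        if fac not in ("*", facility):
            continue
        if pri == "*":
            return True
        # Unknown priorities (and forms such as '=pri' or 'none') are skipped.
        if pri in LEVELS and LEVELS.index(level) <= LEVELS.index(pri):
            return True
    return False

def actions_for(rules, facility, level):
    """List the actions a message with this facility and level is sent to."""
    return [act for sel, act, _ in rules if selector_matches(sel, facility, level)]

# Constructed sample input; the last line uses a space instead of a TAB.
SAMPLE = (
    "# comment\n"
    "*.info\t/etc/messages\n"
    "*.err;kern.*\t@192.0.2.10\n"
    "auth.debug @192.0.2.10\n"
)

if __name__ == "__main__":
    rules, problems = parse_conf(SAMPLE)
    print("problems:", problems)
    print("auth.info ->", actions_for(rules, "auth", "info"))
```
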
