Auditing (Message Logging)
The Reflection for Secure IT server provides the following auditing services, which are always enabled.
- Login history
- Currently logged in users
- Failed logins
Output locations are platform-dependent. For details refer to the following table.
| Platform | Login history | Current login | Failed login |
|---|---|---|---|
| HPUX (11.11, 11.23) PARISC | /var/adm/wtmp | /etc/utmp | /var/adm/btmp |
| HPUX (11.23, 11.31) Itanium | /var/adm/wtmps | /etc/utmpx | /var/adm/btmps |
| AIX 5.2, 5.3, 6.1 | /var/adm/wtmp, /etc/security/lastlog | /etc/utmp | /etc/security/failedlogin, /etc/security/lastlog |
| Solaris 8, 9, 10 | /var/adm/wtmpx | /var/adm/utmpx | /var/adm/loginlog |
| RHEL 3, 4, 5 | /var/log/lastlog, /var/log/wtmp | /var/run/utmp | /var/log/btmp |
| SLES 9, 10 | /var/log/wtmp | /var/run/utmp | /var/log/btmp |
Keywords for Configuring Auditing
| To | Use | Output Location | Notes |
|---|---|---|---|
| View server event messages | LogLevel | syslog | After the configuration file is read, messages go to syslog. |
| | SftpLogCategory | syslog (default) | |
| View sftp-server event messages | SftpSyslogFacility, LogLevel | -- | Use SftpSyslogFacility to send sftp-server messages to a specified alternate file (rather than the default facility file). You may want to do this to avoid populating the default file with these messages. |
| Change default facility code | SyslogFacility | N/A | This setting specifies the facility code used for logging messages from the server. The default is 'AUTH'. This value must correspond to how syslogd is configured. |
Notes:
- Some platforms write to more than one file.
- On some Linux systems, btmp is not present. The server writes to this database if it is present.
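
The following Python code is an added example, not part of the Reflection for Secure IT documentation. It reads the Linux failed-login database listed in the platform table (/var/log/btmp on RHEL and SLES) and counts repeated failures per user and source host, returning nothing when btmp is absent. It assumes the 384-byte glibc `struct utmp` record on a little-endian host; the other platforms in the table use different record formats, and the function names and sample records are constructed for illustration.

```python
import os
import struct
import tempfile
from collections import Counter

# glibc "struct utmp" as used by Linux wtmp/utmp/btmp: 384 bytes per record.
# Assumption: little-endian host (x86/x86-64); other platforms in the table differ.
UTMP = struct.Struct("<hxxi32s4s32s256shhiii16s20x")

def _text(raw):
    """Decode a NUL-padded fixed-width field."""
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")

def read_records(path):
    """Yield (type, pid, line, user, host, epoch_seconds) for each record."""
    if not os.path.exists(path):        # btmp is absent on some Linux systems
        return
    with open(path, "rb") as fh:
        while True:
            chunk = fh.read(UTMP.size)
            if len(chunk) < UTMP.size:  # end of file or truncated tail
                break
            f = UTMP.unpack(chunk)
            yield f[0], f[1], _text(f[2]), _text(f[4]), _text(f[5]), f[9]

def repeated_failures(btmp_path, threshold=3):
    """Return {(user, host): count} for sources with >= threshold failed logins."""
    counts = Counter((user, host)
                     for _, _, _, user, host, _ in read_records(btmp_path))
    return {key: n for key, n in counts.items() if n >= threshold}

def pack_record(user, host, when, line="ssh:notty", ut_type=6, pid=4242):
    """Build one constructed record (sample data only, not server output)."""
    return UTMP.pack(ut_type, pid, line.encode(), b"", user.encode(),
                     host.encode(), 0, 0, 0, when, 0, b"")

if __name__ == "__main__":
    # Constructed sample: three failures for root from one host, one for alice.
    sample = b"".join(pack_record("root", "192.0.2.10", 1700000000 + i)
                      for i in range(3))
    sample += pack_record("alice", "198.51.100.7", 1700000100)
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(sample)
    print(repeated_failures(tmp.name))
    os.unlink(tmp.name)
```

Reading the real /var/log/btmp normally requires root, so run the check from an account with that access or against a copy of the file.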