Other Important Files Where Information is Logged
Solaris has many files that hold logging information. Most of these files are stored in the / var/adm directory. The following list of these log files briefly describes the information they contain:
/var/adm/messages The messages file holds information that prints to the console. These might include root logins and su attempts.
/var/adm/lastlog This file holds the most recent login time for each user in the system.
/var/adm/utmpx The utmpx database file contains user access and accounting information for commands such as who, write, and login. The utmpx file is where information such as the terminal line and login time is stored for access by the who command.
/var/adm/wtmpx The wtmpx file contains the history of user access and accounting information for the utmpx database. The wtmpx file keeps track of logins and logouts since reboot. The last command, described in Chapter 16, “System Security,” reads that file and processes the information.
/var/adm/acct This is the system accounting file. If enabled, the accounting file records a record for every process listing the following information: the name of the user who ran the command, the name of the command, the CPU time used, the completion timestamp of the process, and a flag indicating completion status. Accounting information can be very useful in monitoring who is doing what on your system.
/var/adm/sulog The sulog file holds records for everyone who has used the su command on the system. A + or a – sign in the fourth column of the file shows whether the su command was successful. Numerous occurrences of – signs could be an indication of an unauthorized intruder trying to guess a password. Here is a sample:
SU 04/29 09:39 + console root-daemon SU 04/29 15:29 + console root-daemon SU 05/02 05:38 + console root-daemon SU 05/12 06:20 + console root-daemon SU 05/12 07:59 + pts/1 root-bcalkins
Good system administration requires that you look over your system logs frequently and keep their size in check. Some of these files can grow extremely large and fill up a file system quickly.