Enabling Logging

Logging is one tool that you, as a system administrator, can use daily. Logging provides you with a means to determine if your system is operating optimally, determine a chain of events for problems, and, if handled properly, provide forensic evidence if your system has been compromised.

By default, a Solaris system logs to the /var/adm directory. At a minimum, you can enable additional logging by creating two additional log files—/var/adm/sulog to log unsuccessful su attempts, and /var/adm/loginlog to log consecutive failed login attempts.
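Once /var/adm/sulog exists and is being written, it can be reviewed for repeated failures. The following is an added example, not code from the book: it assumes the standard Solaris sulog record layout (`SU MM/DD HH:MM +|- tty from-to`, where `-` marks a failed attempt), the function names are hypothetical, and the sample records are constructed.

```shell
#!/bin/sh
# Summarise failed su attempts recorded in a Solaris sulog.
# Assumed record layout: SU MM/DD HH:MM <+|-> <tty> <from_user>-<to_user>
#   "+" marks a successful su, "-" marks a failed one.

# Constructed sample records (not taken from a real system).
sample_sulog() {
cat <<'EOF'
SU 03/14 09:12 + pts/2 alice-root
SU 03/14 09:40 - pts/5 bob-root
SU 03/14 09:41 - pts/5 bob-root
SU 03/14 09:41 - pts/5 bob-root
SU 03/14 10:02 - console carol-oracle
SU 03/14 10:05 + pts/5 bob-root
garbage line that is not an su record
EOF
}

# failed_su_summary [THRESHOLD]
# Reads sulog records on stdin and prints "count from_user to_user" for each
# from/to pair with at least THRESHOLD failed attempts (default 1),
# highest count first. Lines that are not well-formed SU records are skipped.
failed_su_summary() {
    awk -v min="${1:-1}" '
        $1 == "SU" && NF == 6 && $4 == "-" {
            # Account names may contain hyphens, so the split point is
            # ambiguous; this example splits at the last hyphen.
            if (match($6, /-[^-]*$/)) {
                from = substr($6, 1, RSTART - 1)
                to   = substr($6, RSTART + 1)
                n[from " " to]++
            }
        }
        END {
            for (k in n) if (n[k] >= min) print n[k], k
        }
    ' | sort -k1,1nr -k2
}

# Usage on a live system (run as a user allowed to read the file):
#   failed_su_summary 3 < /var/adm/sulog
```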

These files are by no means the extent of logging you can enable on a Solaris system. You can configure your syslogd in a way that allows you to examine the activities of each daemon that ...
