Sharat Kayapanda wrote:
> Hey,
>
> I'm working on developing a Misuse detection system.For this i make use of
> the audit data generated in syslog file.The problem here is it does'nt
> record all information that i want.For instance when somebody fingers from
> a remote host ... the syslog does'nt record the target user name.
>
> Eg: disney/Ram$ finger sharat@ra
>
> here: disney -> source machine Ram -> source user
> ra -> target machine sharat -> target user
>
>
> I want to log the target user name also,how do i do that.
I wonder who of us needs (new) glasses:
When I issue 'finger joey@finlandia', I see the following in syslog:
Mar 31 22:32:56 finlandia cfingerd[17269]: connect from 217.89.86.34
Mar 31 22:32:56 finlandia cfingerd[17269]: joey fingered from joey@finlandia.infodrom.north.de
Details:
Mar 31 22:32:56 finlandia cfingerd[17269]: connect from 217.89.86.34
Created by tcpd which starts cfingerd.
Mar 31 22:32:56 finlandia cfingerd[17269]: joey fingered from joey@finlandia.infodrom.north.de
~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
target username source of fingering.
Regards,
Joey
-- If you come from outside of Finland, you live in wrong country. -- motd of irc.funet.fi
This archive was generated by hypermail 2.1.3 : Sun Mar 31 2002 - 22:42:18 CEST