SLES server won't log login information by default
This document (7002758) is provided subject to the disclaimer at the end of this document.
SUSE Linux Enterprise Server 10
1. Install auditd.
If you install auditd, by default it will log login information to /var/log/audit/audit.log.
NOTE: If you install auditd, it doesn't enable logging by default, you must use the command 'auditctl -e1' each time you restart the server or auditd, or you can put the '-e1' in the /etc/audit/audit.rules file and it will be persistent across boots.
2. Configure pam to log authentication information:
If you edit the /etc/pam.d/common-sessions file, and add 'session required pam_warn.so' at the bottom, this will send authentication information to the /var/log/messages file.
Note: If you are using NetIQ Sentinel, there is a script included (wtmpsetup) in the SLES Collector Pack which will monitor the wtmp and btmp files for logins and generate a suslog message to record the activity.
This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID:7002758
- Creation Date: 02-Apr-2012
- Modified Date:10-Mar-2021
- SUSE Linux Enterprise Server
For questions or concerns with the SUSE Knowledgebase please contact: firstname.lastname@example.org