Turning On Remote Access Logging

Turning On Remote Access Logging

Several network daemons have an option that lets you log remote accesses to the station log file /var/adm/SYSLOG by using syslogd. Sites connected to the Internet should use this feature. To enable logging for ftpd, tftpd, and rshd, edit /etc/inetd.conf and add "-l" after the right-most instance of ftpd and tftpd. Add "-L" after the right-most instance of rshd. For additional ftp logging, add "-ll" to the ftpd entry. Signal inetd to reread its file after you have added your changes:

/etc/killall -HUP inetd

Remote logins by means of rlogin, telnet, and the 4DDN sethost programs can be logged by login. Edit /etc/default/login and add the keywords "SYSLOG=ALL" or "SYSLOG=FAIL" to it. For example, this command in the login file logs successful and failed local and remote login attempts to syslogd:

syslog=all

See the login(1) reference page for details.