[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ossec-list] Re: AIX 5.3 sshd logins and sudo
- To: ossec-list@xxxxxxxxxxxxxxxx
- Subject: [ossec-list] Re: AIX 5.3 sshd logins and sudo
- From: "Nerijus Krukauskas" <nkrukauskas@xxxxxxxxx>
- Date: Thu, 11 Oct 2007 09:08:59 +0300
- Authentication-results: mx.google.com; spf=pass (google.com: domain of nkrukauskas@xxxxxxxxx designates 209.85.198.188 as permitted sender) smtp.mail=nkrukauskas@xxxxxxxxx; dkim=pass (test mode) header.i=@xxxxxxxxx
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; bh=A10hMKlsXsawKdDixwr+CqmuWf4MoKEPUNR7sezPM/E=; b=La9hM7LNJSsb4MXQ34OghxlKYzUZ44N9PTcRkuQxbmPHuAIvJ0u+xKQ4A0Rx9F+WNze0FvVBSRUjv9HqybE6o6qiZZM7c6XrM4a1DsPEAndbW5Hf80196ofAEPVKpaXszttt0P4ZjRuJDiflK4HSpCfEPaVU07O9Us+SrJF9MXc=
Hi,
On 11/10/2007, Daniel Cid <daniel.cid@xxxxxxxxx> wrote:
> We expect:
> Oct 9 09:50:40 MACHINE sshd[229596]: Accepted password for USER from
> 172.29.14.41 port 55839 ssh2
>
> While you have:
> Oct 9 09:50:40 MACHINE auth|security:info sshd[229596]: Accepted
> password for USER from 172.29.14.41 port 55839 ssh2
>
>
> Is this something special to your AIX config? Can you change it to the
> standard format?
> Any other AIX user in here with more information on this?
Yep. AIX 5.3 that I am testing ossec on generates this:
Oct 11 08:05:46 <machine> auth|security:info sshd[323808]: Accepted
publickey for <user> from <host> port 37909 ssh2
--
http://nk99.org/
OSSEC home |
Main Index |
Thread Index
OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.