Var adm messages solaris 10 not updating
An entry is added to the sulog file every time the su command is executed.
The fields in sulog are: date, time, successful (+) or unsuccessful (-), port, user executing the su command, and user being switched to.
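As an added example (not part of the original page), the shell function below summarises unsuccessful su attempts from input in the sulog layout described above. The sample lines are constructed, and the function names, the leading `SU` tag, and the rule of splitting the user pair at its last hyphen are assumptions.

```shell
#!/bin/sh
# Added example: summarise unsuccessful su attempts from sulog-format input.
# Assumed line layout, following the field list above:
#   SU MM/DD HH:MM {+|-} port fromuser-touser

# Constructed sample data (not taken from a real system).
sample_sulog() {
    cat <<'EOF'
SU 05/05 14:02 + pts/9 alice-root
SU 05/05 14:10 - pts/9 bob-root
SU 05/05 14:11 - pts/9 bob-root
SU 05/05 14:12 - pts/3 j-smith-oracle
SU 05/06 09:30 + console root-adm
this line is not in sulog layout
EOF
}

# Reads sulog lines from the files given as arguments, or stdin if none.
# Prints one line per (from, to) pair that has failures:
#   count from to last-date last-time last-port
sulog_failures() {
    awk '
        $1 != "SU" || NF != 6  { next }   # not a sulog record
        $4 != "-"              { next }   # keep unsuccessful attempts only
        {
            # Assumption: split the user pair at its LAST hyphen, so a
            # hyphen in the invoking user name is kept intact.
            n = split($6, part, "-")
            if (n < 2) next
            to   = part[n]
            from = substr($6, 1, length($6) - length(to) - 1)
            key  = from " " to
            count[key]++
            last[key] = $2 " " $3 " " $5   # records are in time order
        }
        END { for (k in count) print count[k], k, last[k] }
    ' "$@" | sort -k1,1nr -k2,2
}

sample_sulog | sulog_failures
```

On a live system the function would be given the path of the sulog file instead of the sample data; repeated failures for one user pair sort to the top.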
Because log files often provide the only indication of an intrusion, intruders often attempt to erase any evidence of their activities by removing or modifying the log files.
For this reason, it is very important that your log files be adequately protected to make it as difficult as possible for intruders to change or remove them.
The /var directory is thus often on a partition that is local to the system.
There may be other application-specific log files that you will also need to inspect.
However, it is beyond the scope of this implementation to describe all of the log files that you might want to inspect for your specific Solaris installation.
The generic Solaris installation includes a messages aren't logged anywhere.
All of the log files described below can be found in subdirectories under /var.
Follow this procedure to create and configure the file /var/adm/loginlog for unsuccessful login attempt logging: This entry indicates that a user attempted to log in as user adm on port /dev/pts/9 on May 5 at P. The last command displays login/logout and system boot information in time sequence order.