Page 1 of 1
SU Alerts
Posted: 21 Dec 2006, 15:15
by mickalo
Hello Chirpy,
would it be possible to add the IP address for SU alerts. I though if I just added the shortcut [ ip ] in the email alert it may put the IP in there, but it doesn't. IE:
Code: Select all
lfd: SU login alert - Successful login from admin to root
Time: Thu Dec 21 09:09:28 2006
From: admin
To: root
Status: Successful login
IP: [ip]
as we now disabling direct root logins and it would be handy, when an alert is sent, that the IP is included.
TIA,
Mickalo
Posted: 21 Dec 2006, 21:14
by chirpy
Hi,
I'll look into it. It'll require a bit of work to identify the IP address as the log record doesn't mention the IP address unfortunately.
Posted: 21 Dec 2006, 21:18
by mickalo
chirpy wrote:Hi,
I'll look into it. It'll require a bit of work to identify the IP address as the log record doesn't mention the IP address unfortunately.
nothing to get too excited about .... just one of those "nice to have" bits of info
Happy Holidays!
Mickalo
Posted: 22 Dec 2006, 23:15
by chirpy
I've looked into this some more. Looks like it's no possible to reliable tie together the IP address of the original login to the su activation from the information provided in the logs. This one may have to go on the back burner unfortunately.
Posted: 22 Dec 2006, 23:22
by mickalo
chirpy wrote:I've looked into this some more. Looks like it's no possible to reliable tie together the IP address of the original login to the su activation from the information provided in the logs. This one may have to go on the back burner unfortunately.
No worries
with very limited access to shell, it's not that big of a deal. Just myself and two associates who have access to the server. But do appreciate the effort in looking into it.
Mickalo