Canmove, confirm
937
edits
Changes
→Access to syslog Messages
The NSS module may use the Unix <code>syslog()</code> function and the audit mechanism provided by the operating system to audit events. Access to the audit data is described in the next two subsections.
====Access to syslog MessagesLog Files====
On Unix (including Linux and Mac OS X), the NSS module uses the <code>syslog()</code> function to audit events, so the NSS audit data are stored in the system log. Only the root user can modify the system log. On some platforms, only the root user can read the system log; on other platforms, all users can read the system log.
'''Red Hat Enterprise Linux 4''': The <code>/etc/syslog.conf</code> file on Red Hat Enterprise Linux 4 has:
*.info;mail.none;authpriv.none;cron.none /var/log/messages
which specifies that <code>/var/log/messages</code> is the system log file. The permission bits of the system log are:
$ ls -l /var/log/messages
-rw------- 1 root root 38054 Jun 9 10:18 /var/log/messages
'''Solaris 10''': The <code>/etc/syslog.conf</code> file on Solaris 10 has:
*.err;kern.debug;daemon.notice;mail.crit /var/adm/messages
which specifies that <code>/var/adm/messages</code> is the system log file. The permission bits of the system log are:
$ ls -l /var/adm/messages
-rw-r--r-- 1 root root 0 Jun 7 03:10 /var/adm/messages
