Hi, I'm trying to write a script for parsing log files on a Debian Slink system, and I have a few questions:
1. When someone su's to root, where is that event logged? auth.log? 2. What exactly is the purpose of the debug file? They look like error messages, but what makes them different from the ones in other *.err files? 3. Is there anything like the PAM_pwdb type info on a RHL system? Something that tracks failed logins, successful su's, remote sessions, and so forth? Is this already logged to someplace else? 4. Where do the identd requests show up? Thanks much!! -- David S. Jackson http://www.dsj.net =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= "Mary had a little key (It's all she could export), and all the email that she sent was opened at the Fort." -- Ron Rivest (?)
