AIX Syslog login/logout User

Hi,
I'm trying to configure /etc/syslog.conf to log user access.
In Debian I add:

auth,authpriv.* @serverName

I don't know the correct AIX syntax for syslog :frowning:
My @serverName gets the log successfully.
I need to log correct/incorrect login attempts.

Thanks

You can use auth.debug in AIX.

Please see the detail in this link.

How to log user logins and su's in a log file on AIX

1 Like

Thanks for the help ;).

I just tried using auth.debug, but I log ONLY failed logins (I need to log successful ones):

out.log:
May 17 09:24:58 ServerName syslog: pts/1: failed login attempt for root from lanIp

My /etc/syslog.conf:
auth.debug /tmp/out.log rotate size 100k

My AIX version is 5.2.

Thanks,
Hank

The information about successful logins/logouts is stored in "/var/adm/wtmp". You might want to consult the manpage of "last", which prints out reports of this file (and other files formatted the same way).

As a last resort (and if nothing better comes up) you could create a daemon based on this command and let this write to the SYSLOG facility.

I hope this helps.

bakunin

1 Like
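
The daemon suggested in the post above (poll `last`, write to syslog), as an added example that is not code from any poster in this thread. The state-file path, the `last2syslog` tag, the function names and the sample `last` lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: poll `last` and forward new wtmp records to syslog.
# STATE path, tag and function names are assumptions, not from the thread.
STATE=${STATE:-/var/adm/last2syslog.seen}
LOGGER=${LOGGER:-logger}

# Read `last` output on stdin; print records not yet in $STATE, oldest first,
# and remember them. A session line changes when the user logs out, so the
# closed form is reported as a second record.
new_records() {
    touch "$STATE"
    grep -v -e '^$' -e '^wtmp begins' |
    awk '{ l[NR] = $0 } END { for (i = NR; i > 0; i--) print l[i] }' |
    while IFS= read -r line; do
        if ! grep -Fxq -- "$line" "$STATE"; then
            printf '%s\n' "$line" >> "$STATE"
            printf '%s\n' "$line"
        fi
    done
}

# Send each new record to syslog at auth.info; an auth.debug selector in
# /etc/syslog.conf matches it.
forward() {
    new_records | while IFS= read -r rec; do
        case $rec in
            *"still logged in"*) kind=login ;;
            *)                   kind=session-closed ;;
        esac
        $LOGGER -p auth.info -t last2syslog "$kind: $rec"
    done
}

# Constructed sample of `last` output (not captured from a real host).
sample_last() {
    cat <<'EOF'
hank      pts/1        192.0.2.10       May 17 09:31   still logged in.
root      pts/0        192.0.2.10       May 17 09:24 - 09:30  (00:05)

wtmp begins     May 01 08:00
EOF
}

# Daemon loop: RUN_DAEMON=1 ./last2syslog.sh &
if [ "${RUN_DAEMON:-0}" = 1 ]; then
    while :; do last | forward; sleep 60; done
fi
```

On the first run every record still in wtmp is forwarded once. Reboot and shutdown pseudo-entries printed by `last` are forwarded under the `session-closed` label as well.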

Thanks :b:

Additional info to check failed login users:

# who -aH /etc/security/failedlogin | pg

Hope this helps.

Rgds,
Fadzli
Malaysia