Excuse my ignorance as I am very new to working with Solaris.
I'm looking for documentation on how to create a network log in Solaris 10 & 11. I don't wish to edit any of the logs currently on the system. I simply want a log that will capture all incoming IP addresses and log them with a time-in and time-out. I would write a script to extract that information from an existing log, but I can find no logs on the system with the information I require.
I have found plenty of documents explaining logging for Solaris systems but none I can understand at my level of experience.
Do you have experience of other Unix/Linux systems and are just learning Solaris?
I'm trying to judge the level of help you need.
Solaris comes with standard 'logging' much the same as other OSes, but what you are asking for in Solaris speak is 'auditing'. You are probably not finding it because you are not searching for that.
Thank you, it definitely helps to search for the correct terms! So from looking online some, it seems I will need to edit a configuration file to create a new audit. I'm having some trouble understanding exactly what everything means just from the Oracle docs. Now looking for a write-up of how to add another audit. Ideally this audit would create a log that would contain the IP address connecting (incoming only), the time-in, and the time-out. From my understanding this information would be stored in binary. I can convert that to a readable format, but I am hoping there is a way to configure the log to be in readable text (like a tab-delimited array).
Currently the main OS is Solaris 10, but I will be working exclusively in Solaris 11 come 2021.
edit:
My sysadmin is telling me all TCP would probably be more than I would want. Mainly I want to log all Telnet and SSH connections. Possibly also all FTP connections.
You do not need auditing.
All system access should go through PAM. The standard PAM logging is already a (wrong) comment in /etc/syslog.conf:
Activated it looks like this:
You will notice a combination of hostnames and IP addresses; this is dependent on how the DNS is configured.
Depending on how your logging is set up, you may have to filter the output, as there can be more data captured than you require.
Some configuration of the services can be done using inetd and inetadm; should you require more details on this, then using the man utility is probably where to start.
It should be noted that these files can be very large and any operations on the files can take a significant time, particularly when searching through them and extracting data. The availability of the data may also be limited due to the log rotation policy.
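As an added example (not from any poster in this thread), here is the kind of filtering script the question describes: it reads syslog auth lines, pairs each sshd login with the disconnect logged by the same sshd process, and emits the IP, user, time-in and time-out as tab-delimited text. The sample log lines are constructed; the exact "Accepted ... from" and "Received disconnect from" wording and the `[ID ... auth.info]` tag are assumptions about what the local sshd and syslog build actually write, so the regular expressions may need adjusting against real output.

```python
import re

# Constructed sample in the style of Solaris syslog auth entries; the real
# wording depends on the sshd build and how syslog.conf routes auth messages.
SAMPLE_LOG = """\
Mar  3 09:12:01 host1 sshd[1201]: [ID 800047 auth.info] Accepted publickey for alice from 192.0.2.10 port 50211 ssh2
Mar  3 09:13:44 host1 sshd[1230]: [ID 800047 auth.info] Accepted password for bob from 198.51.100.7 port 40022 ssh2
Mar  3 09:15:09 host1 sshd[1201]: [ID 800047 auth.info] Received disconnect from 192.0.2.10: 11: disconnected by user
Mar  3 09:20:30 host1 sshd[1230]: [ID 800047 auth.info] Received disconnect from 198.51.100.7: 11: disconnected by user
Mar  3 09:21:00 host1 sshd[1260]: [ID 800047 auth.info] Failed password for root from 203.0.113.5 port 51000 ssh2
Mar  3 09:21:05 host1 last message repeated 2 times
Mar  3 09:22:15 host1 sshd[1290]: [ID 800047 auth.info] Accepted publickey for carol from 203.0.113.9 port 50300 ssh2
"""

# Generic syslog prefix: timestamp, host, daemon[pid]: message
LINE_RE = re.compile(
    r'^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) '
    r'(?P<daemon>\w+)\[(?P<pid>\d+)\]: (?P<msg>.*)$')
LOGIN_RE = re.compile(r'Accepted \S+ for (?P<user>\S+) from (?P<ip>[\d.]+) port')
LOGOUT_RE = re.compile(r'Received disconnect from (?P<ip>[\d.]+)')


def pair_sessions(log_text):
    """Return [(ip, user, time_in, time_out)], time_out None if no disconnect seen."""
    open_sessions = {}   # (daemon, pid) -> session still connected
    sessions = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:            # e.g. "last message repeated" lines
            continue
        key = (m['daemon'], m['pid'])
        login = LOGIN_RE.search(m['msg'])
        if login:
            open_sessions[key] = [login['ip'], login['user'], m['ts'], None]
            continue
        logout = LOGOUT_RE.search(m['msg'])
        if logout and key in open_sessions:
            sess = open_sessions.pop(key)
            sess[3] = m['ts']
            sessions.append(tuple(sess))
    # Still-open sessions (or whose disconnect was lost to log rotation)
    sessions.extend(tuple(s) for s in open_sessions.values())
    return sessions


def to_tsv(sessions):
    """Render sessions as tab-delimited text with a header row."""
    header = "ip\tuser\ttime_in\ttime_out"
    rows = ["\t".join(v if v is not None else "" for v in s) for s in sessions]
    return "\n".join([header] + rows)


if __name__ == "__main__":
    print(to_tsv(pair_sessions(SAMPLE_LOG)))
```

Failed logins are deliberately left out of the session table; add a third pattern if you also want them reported.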