Hi,
I want to write a script to send alert by email whenever any failed login to the AIX. Can anyone tell how to do that?
Thanks!
Victor
Hi,
I want to write a script to send alert by email whenever any failed login to the AIX. Can anyone tell how to do that?
Thanks!
Victor
Since nobody else has answered I'll take a shot at it for you (my scripting isn't always the best but this worked on my workstation).
I didn't know of any other way to do this - but you can't easily use /etc/security/failedlogin file because it isn't a regular text file (you have to use 'who' to read it).
add the following line to the end /etc/syslog.conf
auth.debug /logs/userauth.log rotate size 10m files 4
touch /logs/userauth.log
refresh -s syslogd
Create a script that constantly watches /logs/userauth.log for new lines - something like:
# vi logwatch.sh
LOG=/logs/userauth.log
echo "\n\n" >> ${LOG}
tail -1 -f ${LOG} |
while read LINE
do
case "${LINE}" in
failed)
echo ${LINE} | mailx -s "Failed login" me@mail.com ;;
esac
done
HTH