Cisco Headend Digital Broadband Delivery System
Chapter 6 Security Event Logs and Auditing
4034689 Rev A
Security Event Logs
Security event logs are automatically generated by the system. The standard security
event logs are located in the /var/log/authlog file. This file logs the following events:
SSH
SFTP
Successful and failed login attempts
Note: You need to be logged in as the root user to access the /var/log/authlog file.
Other log files you can monitor for security, along with their security restrictions:
/var/adm/sulog: Records all su commands. Root user only.
/var/adm/messages: Records messages from the kernel and daemons. All users
can read.
/var/log/syslog: Records messages from sendmail and other processes. All users
can read.
/var/audit/: Directory that contains all audit files including all security-related
events, for example: logins and logouts, user actions, etc. Root user only.
/var/apache2/logs: Directory that contains the Apache web server log files which
include Administrative Console web access events. All users can read.
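One way to verify the access restrictions listed above, as an added example that is not part of the Cisco guide: the script reads the "other" permission bits with ls -ld and flags any root-only location that other users can access. The function names and the optional path prefix are assumptions made for this example; ownership and group bits are not checked.

```shell
#!/bin/sh
# Added example (not from the Cisco guide): compare the "other" permission
# bits of each log location with the access restriction documented above.
# Usage, as root on the system: check_log_perms
# The optional argument is a hypothetical path prefix for checking a copy.

# Documented access: root = root user only, all = all users can read.
EXPECTED='/var/log/authlog root
/var/adm/sulog root
/var/adm/messages all
/var/log/syslog all
/var/audit root
/var/apache2/logs all'

# Print the three "other" permission characters of a path, e.g. r-- or ---.
other_perms() {
    ls -ld "$1" 2>/dev/null | cut -c8-10
}

# Print one finding per path; return the number of root-only paths that
# other users can access.
check_log_perms() {
    prefix=${1:-}
    too_open=0
    while read -r logpath want; do
        perms=$(other_perms "$prefix$logpath")
        if [ -z "$perms" ]; then
            echo "MISSING  $logpath"
            continue
        fi
        case "$want:$perms" in
            root:---) echo "OK       $logpath (no access for other users)" ;;
            root:*)   echo "TOO OPEN $logpath (other=$perms, documented root only)"
                      too_open=$((too_open + 1)) ;;
            all:r*)   echo "OK       $logpath (readable by all users)" ;;
            all:*)    echo "NOTE     $logpath (other=$perms, documented readable by all)" ;;
        esac
    done <<EOF
$EXPECTED
EOF
    return "$too_open"
}
```

A nonzero return value is the count of TOO OPEN findings, so the function can gate a scheduled check.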