Skip to content


How to monitor telnet traffic in AIX

1. Create /etc/security/authlog file containing the following lines:

#!/usr/bin/ksh 
/usr/bin/logger -t tsm -p auth.info "`/usr/bin/tty` login from $@ " 

2. Make it executable

# chmod +x /etc/security/authlog 

3. Modify the "/etc/security/login.cfg" file adding the following two lines just under the default: stanza.

authlog: 
program = /etc/security/authlog 

4. Modify the field "auth2" in the "/etc/security/user" file:

default: 
...
auth2 = authlog 
...

The above can be done for all the users by the default: or for a specific user modifying only the correspondent user stanza.

5. Configure syslogd to log the information:

# vi /etc/syslog.conf 
...
*.info /var/adm/authinfo.log
...

6. Create the logfile

# touch /var/adm/authinfo.log

7. Restart syslogd

# stopsrc -s syslogd 

# startsrc -s syslogd

8. Log in and check the authinfo.log:

# cat authinfo.log 

You should see the successful logins.

Posted in AIX.

Tagged with , , .


One Response

Stay in touch with the conversation, subscribe to the RSS feed for comments on this post.

  1. Sebastian says

    Telnet should only be used for port checking in these days, it’s to insecure with lots of people sniffing on the (internal and external) networks.



Some HTML is OK

or, reply to this post via trackback.

WordPress Anti Spam by WP-SpamShield



Copyright © 2016 - 2017 Waldemar Mark Duszyk. All Rights Reserved. Created by Blog Copyright.