On Thu, Mar 31, 2011 at 3:10 PM, Tony MacDoodle <tpsdoodle@gmail.com> wrote:
Hello All,
I would like to push only the following log files to a central syslog-ng server. All clients are Solaris 10 and the syslog-ng server is also Solaris 10. IS it possible to push only this information?
wtmpx
This file DO grow, but it's a binary file. Refer to wtmpx/utmpx(5). You would most probably need to write some C program to check for changes, then read the last entry (or search for the changed entry, as I might be wrong, be understood it to be changing the previous entry when a user logs out, rather than addind a new entry)
utmpx This is a state file, more than anything else, the currently logged in users. It doesn't grow, other than to the size of the size of Number of logged in users)*sizeof(struct utmpx) as defined in <utmpx.h> (Refer to endutxent(3) and utmpx(5) ) Thus to log this, you'll be duplicating the wtmpx logging, as changes to that affects changes to this file. sulog This is "easy" as have been explained