Hi all,

I have this log below, Please tell me what does each of the field stand for so that i can have a better understanding of the logs.

Feb 17 09:40:55 tokenesb01 auth|security:notice su: from root to mqm at /dev/tty??
Feb 17 09:41:25 tokenesb01 auth|security:notice su: from root to db2insp3 at /dev/tty??
Feb 17 09:41:32 tokenesb01 auth|security:notice su: from root to mware at /dev/tty??

Also provide me with any possible links on the above log fields

Require your immediate reply

My knowledge of AIX is quite limited (and somewhat outdated), but syslog is more or less syslog on any *NIX system.

Examining the first line of your log file, "Feb 17 09:40:55" is obviously the date and time. The next field (tokenesb01) is the hostname.

Then follows a composite field containing what I believe to be the subsystem and category of the log entry ("auth|security") and the syslog severity level ("notice").

The next field is the name of the process generating the entry ("su"), and the remainder of the line ("from root to mqm at /dev/tty??") is the actual log entry.

1 members found this post helpful.

Hi, thanks for your help. Can u plz tell me what does "mqm", "db2insp3" and "mware" stand for????

They are user names. The log entries occur because root (or a process running as root) is using "su" to change into other user identities.

This could be perfectly normal. Check the documentation for the software using the respective accounts accounts, because they don't seem to be regular user accounts (a quick Google search revealed that "mqm" is probably related to WebSphere MQ Workflow or WebSphere Process Server, i'm willing to bet that "db2insp" has something to do with db2, but I have no suggestions as to what "mware" could be).

1 members found this post helpful.

Thank you Olmy.. Will check into that and will get back if I have any more queries..