Please tell me what does each field stand for in the below log
AIX: This forum is for the discussion of IBM AIX.
eserver and other IBM related questions are also on topic.
Hi all,
I have this log below. Please tell me what each of the fields stands for so that I can have a better understanding of the logs.
Feb 17 09:40:55 tokenesb01 auth|security:notice su: from root to mqm at /dev/tty??
Feb 17 09:41:25 tokenesb01 auth|security:notice su: from root to db2insp3 at /dev/tty??
Feb 17 09:41:32 tokenesb01 auth|security:notice su: from root to mware at /dev/tty??
Also provide me with any possible links on the above log fields.
My knowledge of AIX is quite limited (and somewhat outdated), but syslog is more or less syslog on any *NIX system.
Examining the first line of your log file, "Feb 17 09:40:55" is obviously the date and time. The next field (tokenesb01) is the hostname.
Then follows a composite field containing what I believe to be the subsystem and category of the log entry ("auth|security") and the syslog severity level ("notice").
The next field is the name of the process generating the entry ("su"), and the remainder of the line ("from root to mqm at /dev/tty??") is the actual log entry.
They are user names. The log entries occur because root (or a process running as root) is using "su" to change into other user identities.
This could be perfectly normal. Check the documentation for the software using the respective accounts, because they don't seem to be regular user accounts (a quick Google search revealed that "mqm" is probably related to WebSphere MQ Workflow or WebSphere Process Server; I'm willing to bet that "db2insp" has something to do with db2, but I have no suggestions as to what "mware" could be).
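The field breakdown given in the replies above, as an added example that is not part of the original thread: a Python parser that splits each line into those fields and tallies which accounts root switched to. The regular expressions and function names are assumptions based on the three lines quoted in the question; the last sample line is constructed to show the non-matching case.

```python
import re
from collections import Counter

# Layout assumed from the replies in this thread:
# <date time> <hostname> <facility>:<severity> <process>: <message>
LINE_RE = re.compile(
    r"^(?P<timestamp>[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2})\s"
    r"(?P<host>\S+)\s"
    r"(?P<facility>[^:\s]+):(?P<severity>\S+)\s"
    r"(?P<process>[^:\s]+):\s"
    r"(?P<message>.*)$"
)
# Message body as written by su in the lines quoted in the question.
SU_RE = re.compile(r"^from (?P<src>\S+) to (?P<dst>\S+) at (?P<tty>\S+)$")

def parse_line(line):
    """Split one log line into named fields; return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    fields = m.groupdict()
    if fields["process"] == "su":
        su = SU_RE.match(fields["message"])
        if su:
            fields.update(su.groupdict())  # adds src, dst, tty
    return fields

def su_transitions(lines):
    """Count (source user, target user) pairs across all su entries."""
    counts = Counter()
    for line in lines:
        fields = parse_line(line)
        if fields and "src" in fields:
            counts[(fields["src"], fields["dst"])] += 1
    return counts

SAMPLE = [
    "Feb 17 09:40:55 tokenesb01 auth|security:notice su: from root to mqm at /dev/tty??",
    "Feb 17 09:41:25 tokenesb01 auth|security:notice su: from root to db2insp3 at /dev/tty??",
    "Feb 17 09:41:32 tokenesb01 auth|security:notice su: from root to mware at /dev/tty??",
    "this line is constructed and does not follow the layout",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(parse_line(entry))
    for (src, dst), n in su_transitions(SAMPLE).items():
        print(f"{src} -> {dst}: {n}")
```
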