Go to main content

Managing Authentication in Oracle® Solaris 11.4

Exit Print View

Updated: August 2019
 
 

How to Log PAM Error Reports

Before You Begin

You must assume the root role. For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.4.

  1. Determine which system-log service instance is online.
    # svcs system-log
    STATE          STIME    FMRI
    online       13:11:55 svc:/system/system-log:rsyslog
    disabled     13:13:27 svc:/system/system-log:default
  2. Configure the syslog.conf file for the level of logging that you need.

    See the DESCRIPTION section of the rsyslog.conf(5) man page for information about the logging levels. Most PAM error reporting is done through the LOG_AUTH facility.

    For example, create a file for debug output.

    # touch /var/adm/pam_debuglog

    Then, add the rsyslog.conf entry to send debug output to that file.


    Note -  If the syslog service instance is online, modify the syslog.conf file.
    # pfedit /etc/rsyslog.conf
    ...
    *.debug        /var/adm/pam_debuglog
    ...
  3. Refresh the configuration information for the rsyslog service instance.
    # svcadm refresh system-log:rsyslog

    Note -  Refresh the system-log:default service instance if the syslog service is online.