How to Track Users on Solaris

So you want to check who has ever accessed your Solaris system. Tracking or monitoring users on a system is quite an important part of a Solaris administrator's role.

There are two parts to it:

– Who is currently logged in

– Who has previously accessed this machine

To see the details of users who are currently logged in to the system, run the following command:

# who

This gives limited details about the logged-in users. If you also want to know who is running what program, there is another command:

# w

But this only covers users who are currently logged in to the system. What if they logged out some time back? Or what if they used your system when you were not monitoring? No worry …

# last

This command lists all logins and logouts. The output can be long, so you may have to pipe it through more or less to control it.

There is one more log that keeps a record of user switching. If anybody has used the su command to switch to some other user, a record of it is kept in /var/adm/sulog. You can cat this file to see the output.

# cat /var/adm/sulog

SU 06/26 16:25 + syscon root-root

SU 06/26 17:39 + syscon root-root

SU 07/02 11:11 + console root-sysadmin

SU 07/02 11:19 + console root-mgreen

SU 07/07 09:11 + pts/1 sysadmin-root

SU 07/08 10:45 + pts/4 testuser-root

So if somebody logged in as root directly, it shows up in the output of the last command, and if someone logged in as a normal user but later switched to root with the ‘su’ command, you can check that in the sulog.
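To pull just the switches to root out of a long sulog, the following is an added example (not part of the original post). It assumes the field layout shown in the sample above, treats "+" as a successful su and "-" as a failed one, and uses hypothetical function names; the last sample line is constructed to show a failure.

```shell
#!/bin/sh
# Added example: summarise sulog entries where a non-root user became
# (or tried to become) root.
# Assumed layout, from the sample above: SU MM/DD HH:MM flag tty from-to

# su_to_root [FILE]: reads FILE (or stdin) and prints
# "result date time tty from" for every su to root by a non-root user.
su_to_root() {
    awk '$1 == "SU" && NF >= 6 {
        n = match($6, /-[^-]*$/)        # split from-to at the last hyphen
        if (n == 0) next                # malformed entry, skip it
        from = substr($6, 1, n - 1)
        to   = substr($6, n + 1)
        if (to == "root" && from != "root")
            printf "%s %s %s %s %s\n", ($4 == "+" ? "OK" : "FAILED"), $2, $3, $5, from
    }' ${1:+"$1"}
}

# failed_su_count [FILE]: number of failed attempts to become root.
failed_su_count() {
    su_to_root ${1:+"$1"} | awk '$1 == "FAILED" { c++ } END { print c + 0 }'
}

# sample_sulog: lines from the post plus one constructed failure line.
sample_sulog() {
    cat <<'EOF'
SU 06/26 16:25 + syscon root-root
SU 07/02 11:11 + console root-sysadmin
SU 07/07 09:11 + pts/1 sysadmin-root
SU 07/08 10:45 + pts/4 testuser-root
SU 07/08 10:50 - pts/4 testuser-root
EOF
}

# Demo on the embedded sample; on a real system run:
#   su_to_root /var/adm/sulog
sample_sulog | su_to_root
```

On Solaris releases where /usr/bin/awk is the old awk, replace awk with nawk in both functions.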

Now you have complete information of users logging in to your system.

