COMMAND

    security logging

SYSTEMS AFFECTED

    Solaris 2.6

PROBLEM

    Ruth Milner posted the following. Under Solaris 2.x, login failure
    information is not all logged in one place. The tty and remote
    source host, if any, are written to /var/adm/messages, while the
    account name that was attempted, along with the tty but *not* the
    source host, is logged in /var/adm/loginlog *if it exists*.
    /var/adm/loginlog is not created by default when the OS is
    installed; it has to be touched and should be mode 600. Solaris
    2.6 does not write anything in /var/adm/loginlog even if it does
    exist.

SOLUTION

    There is a patch for this problem with 2.6:

        Patch-ID# 105665-01
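
    An added example, not part of the original advisory: a Bourne shell
    audit of the two conditions described above (loginlog present with
    mode 600, patch 105665 listed by showrev -p).  The function names and
    the --run switch are hypothetical; the "Patch: " line prefix is the
    assumed showrev -p output format.

```shell
#!/bin/sh
# Added example: audit the failed-login logging setup described in the advisory.
# The path and patch number come from the advisory; function names are hypothetical.
LOGINLOG=${LOGINLOG:-/var/adm/loginlog}
PATCH_BASE=105665

# Print one finding for the log file. Returns 0 only when it is a regular
# file with mode 600, 1 when it is missing, 2 when the mode differs.
check_loginlog() {
    f=$1
    if [ ! -f "$f" ]; then
        echo "MISSING: $f does not exist, attempted account names are not recorded"
        return 1
    fi
    # Read the permission string from ls, since old Solaris has no stat(1).
    perms=`ls -ld "$f" | awk '{ print substr($1, 1, 10) }'`
    if [ "$perms" != "-rw-------" ]; then
        echo "WEAK: $f has permissions $perms, expected -rw------- (600)"
        return 2
    fi
    echo "OK: $f exists with mode 600"
    return 0
}

# Succeeds when 'showrev -p' output on stdin lists the patch at any revision.
# Assumes each installed patch appears on a line starting with "Patch: ".
patch_listed() {
    grep "^Patch: ${PATCH_BASE}-[0-9][0-9]" >/dev/null 2>&1
}

# Full audit; the patch check is only meaningful on Solaris 2.6.
audit() {
    status=0
    check_loginlog "$LOGINLOG" || status=1
    if showrev -p 2>/dev/null | patch_listed; then
        echo "OK: patch ${PATCH_BASE} is installed"
    else
        echo "CHECK: patch ${PATCH_BASE} not listed, loginlog may stay empty on 2.6"
        status=1
    fi
    return $status
}

# Run the audit only when asked, so the functions can be sourced and reused.
if [ "${1:-}" = "--run" ]; then
    audit
fi
```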