Hello,

I am required for compliance to track all user account activity. Therefore I need to track logon/logoff and login failures.

I have syslog configured on my filer but it only sends login failure messages out through syslog. Here is my syslog config.

Any help would be appreciated.

Thanks,

# $Id: //depot/prod/DOT/R8.0.3x/ontap/files/syslog.conf.sample#1 $

# Copyright (c) 1994-1996 Network Appliance.

# All rights reserved.

# Sample syslog.conf file.  Copy to /etc/syslog.conf to use.

# You must use TABS for separators between fields.

# Log messages of priority info or higher to the console and to /etc/messages

*.info                                  /dev/console

*.info                                  /etc/messages

# Edit and uncomment following line to log all messages of priority

# err or higher and all kernel messages to a remote host, e.g. adminhost

# *.err;kern.*                          @adminhost

# Edit and uncomment following line to log all messages of priority

# err or higher and all kernel messages to the local7 facility of the

# syslogd on a remote host, e.g. adminhost.

# *.err;kern.*                          local7.*@adminhost

# Edit and uncomment following line to log all messages of priority

# err or higher and all kernel messages to a remote host, e.g. adminhost,

# at priority debug.

# *.err;kern.*                          *.debug@adminhost

# Edit and uncomment following line to log all messages of priority

# err or higher and all kernel messages to the local5 facility of the

# syslogd on a remote host, e.g. adminhost, at priority info.

# *.err;kern.*                          local5.info@adminhost

#Remote logging to LEM

#*.info local7.*@XXX.XXX.XXX.XXX

#AUTH

#*.* @XXX.XXX.XX.XX

#authpriv.* local7.*@XXX.XXX.XX.XX

#kern.info local7.*@XXX.XXX.XX.XX

*.info @XXX.XXX.XX.XX

auth.debug @XXX.XXX.XX.XX

authpriv.debug @XXX.XXX.XX.XX

kern.info @XXX.XXX.XX.XX