In #190215, Reinhard Mueller suggests that su logs
successufl/unsuccessful logins through syslog.
He suggests the following matrix:
successful unsuccessful
non-root user LOG_INFO LOG_NOTICE
root user LOG_NOTICE LOG_WARNING
The user on the left being the user *after* the su (or the user which
was failed to become).
Though this is in general a good suggesiton, imho., this does not
follow PAM behaviour where successful authentication is logged as
LOG_INFO and unsuccessful is logged as LOG_NOTICE.
I suggest keeping this and thus implementing the following simple
matrix:
successful unsuccessful
any user LOG_INFO LOG_NOTICE
My patch to sulog.c for this is ready and waits for comments ?
--
