I had created /var/adm/loginlog and /var/log/authlog, with permission set to 600, and group is sys. Using CDE or ssh to login is not captured by loginlog, or authlog. However using telnet failed attempts are recorded in both logs. I need to configure the system in such away that ssh, and CDE will record to loginlog after 3 bad login attempts, and record every failed attempts to authlog. I already configured
SYSLOG_FAILED_LOGINS=0. Any ideas?