Posted on 2006-10-23
I am trying to find out who logged into our system and rebooted the system... The entry in the /var/adm/sulog file is:
SU 10/21 03:27 + console root-daemon
Which appears that someone walked up to the console and logged into root (right before it rebooted).
Here are my questions:
Is there any other way that the above entry would appear other that what I assume?
Is there a way to log the enties (or commands) that was entered by root? (other than using sudo).
Are there any other logs available to help research this issue?
FYI... We are running Sun Solaris 2.6