Hello, I have been struggling with this and have not found any
solutions yet. NISPOM Chapter 8 requires me to have log accounts of
all account lockouts. While the account lockout policy is set, I am
unable to figure out the syntax for the watches to add to audit.rules
that will show the account lockout event. I have to be able to do
this for about 150 systems.
Is it possible to track account lockouts by event or pid? If so, what
are the ids for account lockouts for RHEL4 and RHEL5?
Thank you for your help!
Starr-Renee Corbin
Applied Research Lab
The University of Texas at Austin
512-835-3628
