>> Actually, AIX has quite good auditing features for Unix. It can include >> quite a bit of detail, including what commands a particular user is using >> and at what time. Almost noone uses the entire auditing features because >> it gives too much information and can slow the system response time noticably. >True, but if you're trying to watch particular users or areas of the system for >suspicious activity, such as a hacker, then these sorts of audit trails are >just what the doctor ordered. For the benefit of those of us without access to >AIX, could you give us a brief description of the sorts of auditing that is >available? Try looking at http://beaver.fu-q.com/nomad/faqs/aix which covers most of the basics.