Date: Sat, 2 Mar 2002 20:16:40 -0500 (EST) From: Peter Leftwich <Hostmaster@Video2Video.Com> To: Steven Lake <raiden@shell.core.com> Cc: <freebsd-questions@FreeBSD.ORG> Subject: Re: Logging of "last login" [/etc/rc.conf|syslog.conf] Message-ID: <20020302200421.G80295-100000@earl-grey.cloud9.net> In-Reply-To: <15489.29946.665625.471981@guru.mired.org>
index | next in thread | previous in thread | raw e-mail
Hi Steven. On my system, I edited /etc/rc.conf and enabled process-accounting (which I'd gander is the same as accton): ### Miscellaneous administrative options ################### [snip] dumpdir="/var/crash" # D accounting_enable="YES" # Turn on process accounting (or NO). I believe you can also put a line in your /etc/syslog.conf file for: *.* /var/log/everything.log or something similar. Familiarize yourself with "man utmp" "man wtmp" and "man last" too. Hope these help. P.S. Speaking of /etc/syslog.conf - mine stopped logging outbound sendmail in /var/log/maillog! Does anyone know how to fix/restore this? Also, what should the LOGlevel be -- is set to 9 right now -- in my sendmail.cf file (I can't remember where it is)? -- Peter Leftwich President & Founder Video2Video Services Box 13692, La Jolla, CA, 92039 USA +1-413-403-9555 On Sat, 2 Mar 2002, Mike Meyer wrote: > Return-Path: <owner-freebsd-questions@FreeBSD.ORG> > Received: from mail6.registeredsite.com (mail6.registeredsite.com > [64.224.9.22]) > by russian-caravan.cloud9.net (Postfix) with ESMTP id 721BC28BC8 > for <pete@cloud9.net>; Sat, 2 Mar 2002 19:57:47 -0500 (EST) > Received: from mail.video2video.com (mail.video2video.com [209.35.10.22]) > by mail6.registeredsite.com (8.12.2/8.12.2) with ESMTP id > g230vl9D012054 > for <pete@cloud9.net>; Sat, 2 Mar 2002 19:57:47 -0500 > Received: from mx2.freebsd.org [209.35.10.22] by mail.video2video.com > (SMTPD32-6.06) id A50A193400D8; Sat, 02 Mar 2002 19:57:46 -0500 > Received: from hub.freebsd.org (hub.FreeBSD.org [216.136.204.18]) > by mx2.freebsd.org (Postfix) with ESMTP > id 80DA25548D; Sat, 2 Mar 2002 16:57:36 -0800 (PST) > (envelope-from owner-freebsd-questions@FreeBSD.ORG) > Received: by hub.freebsd.org (Postfix, from userid 538) > id 2C4A737B416; Sat, 2 Mar 2002 16:57:34 -0800 (PST) > Received: from localhost (localhost [127.0.0.1]) > by hub.freebsd.org (Postfix) with SMTP > id D2AF82E8083; Sat, 2 Mar 2002 16:57:33 -0800 (PST) > Received: by hub.freebsd.org (bulk_mailer v1.12); Sat, > 2 Mar 2002 16:57:33 -0800 > Delivered-To: freebsd-questions@freebsd.org > Received: from mired.org (dsl-64-192-6-133.telocity.com [64.192.6.133]) > by hub.freebsd.org (Postfix) with SMTP id 80BC637B402 > for <questions@freebsd.org>; Sat, 2 Mar 2002 16:57:31 -0800 (PST) > Received: (qmail 96775 invoked by uid 100); 3 Mar 2002 00:57:31 -0000 > MIME-Version: 1.0 > Content-Type: text/plain; charset=us-ascii > Content-Transfer-Encoding: 7bit > Message-ID: <15489.29946.665625.471981@guru.mired.org> > Date: Sat, 2 Mar 2002 18:57:30 -0600 > To: Steven Lake <raiden@shell.core.com> > Cc: questions@FreeBSD.ORG > Subject: Re: Logging of "last login" > In-Reply-To: <9807177@toto.iv> > X-Mailer: VM 6.90 under 21.1 (patch 14) "Cuyahoga Valley" XEmacs Lucid > X-face: "5Mnwy%?j>IIV\)A=):rjWL~NB2aH[}Yq8Z=u~vJ`"(,&SiLvbbz2W`;h9L, > Yg`+vb1>RG% > *h+%X^n0EZd>TM8_IB;a8F?(Fb"lw'IgCoyM.[Lg#r\ > From: "Mike Meyer" <mwm-dated-1015549051.4dd95c@mired.org> > X-Delivery-Agent: TMDA/0.48 (Python 2.2 on freebsd4) > Sender: owner-freebsd-questions@FreeBSD.ORG > List-ID: <freebsd-questions.FreeBSD.ORG> > List-Archive: <http://docs.freebsd.org/mail/>; (Web Archive) > List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions) > List-Subscribe: > <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions> > List-Unsubscribe: > <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions> > X-Loop: FreeBSD.ORG > Precedence: bulk > > Steven Lake <raiden@shell.core.com> types: > > Hi all. Silly question. Does Fbsd log the "last login" message for telnet, console, and ssh sessions? Like where it will say something like "Last login: Sat Mar 2 15:25:49 2002 from my.domain.com" at the top of your screen when you login. I'm trying to track all logins on one of our servers to look for security breaches or unauthorized logins and to track some other stuff, so I'm trying to figure out what's logged as far as logins go. > Others have pointed out the last command, which gives everything you asked about. If you want more detailed information, enable system accounting via accton. That will record every command exec'ed on the system, and is really usefull in tracking down problem users. > <mike > -- > Mike Meyer <mwm@mired.org> http://www.mired.org/home/mwm/ > Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the messagehelp
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020302200421.G80295-100000>