Date: Tue, 15 Jan 2008 16:18:48 +0000 (GMT) From: Robert Watson <rwatson@FreeBSD.org> To: Richard Bates <bates@telehouse.com> Cc: freebsd-current@freebsd.org Subject: Re: Question on security.. Message-ID: <20080115161724.U32954@fledge.watson.org> In-Reply-To: <9419F125-F8F9-4FFB-A9F0-CF59DC9278C9@telehouse.com> References: <9419F125-F8F9-4FFB-A9F0-CF59DC9278C9@telehouse.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 15 Jan 2008, Richard Bates wrote: > I know login failures are logged in /var/log/auth.log > > is there a way to log the login of users in this log say something like > > Jan 15 10:59:00 MyServer sshd[91869]: User bates authenticated from > 172.18.1.139 > Jan 15 10:59:00 MyServer sshd[91869]: User bates Disconnected from > 172.18.1.139 The normal system lastlog, accessed via last(1), does this fairly well. As you notch up the level of logging on sshd, it should also be able to do that. However, I tend to use audit for the above type of functionality, as the results are more parseable using tools like auditreduce. There's a handbook chapter on how to configure and use audit, should you be looking for something a bit more on that scale of things. Robert N M Watson Computer Laboratory University of Cambridge
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080115161724.U32954>