[ale] Login logging
Robert Hoffman
hoffmanrob at yahoo.com
Thu Dec 23 18:50:12 EST 1999
This is all logged by default in /var/log/messages.
You can sort out all login related info from your log
with something like: tail -100 /var/log/messages |
grep login. You could sort out just the failed logins
by grepping the word 'failed'.
There is also a command called 'last' which will list
all previous login sessions, who logged in, their
duration, and where they logged in from. It will also
list the ip address of any failed login attempts.
Also, I think the program called 'HostSentry' will
monitor these logs real-time and proctect and notify
you of strange user behaviour. It's made by the same
guys who make PortSentry. I haven't used it yet.
Hope this helps.
-Rob Hoffman
--- "Brian J. Dowd" <bdowd at dentfirst.com> wrote:
> Can someone point me to info on how I can initiate
> 1) logging failed login attempts along with
> incorrect passwords
> 2) logging successful logins (other than su's)?
>
> --
> To unsubscribe: mail majordomo at ale.org with
> "unsubscribe ale" in message body.
>
_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com
--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
More information about the Ale
mailing list