[geeks] syslog not logging user logins

William Kirkland bill.kirkland at gmail.com
Tue Oct 3 01:52:35 CDT 2006


The typical place for login/logout events to be logged is in wtmp on  
most unix nodes.  You should be able to confirm this by checking the  
man page.

On Oct 2, 2006, at 12:34 PM, geeks-request at sunhelp.org wrote:

> Message: 3
> Date: Mon, 02 Oct 2006 11:48:18 -0700
> From: Jeff Cole <jeff at flambe.org>
> Subject: [geeks] syslog not logging user logins
> To: geeks at sunhelp.org
> Message-ID: <20061002184818.GG28982 at novylen.net>
> Content-Type: text/plain; charset=us-ascii
>
> I've got a Solaris 9 box that refuses to log ssh logins, despite the
> fact that auth.notice    /var/adm/messages is in syslog.conf.
>
> I checked sshd_config, confirmed that auth.notice is the logging
> facility, I've copied the syslog.conf file from a system where it  
> is working, all to no avail.
>
> sudo commands get logged to there:
>
> Oct  2 14:38:06 wdchqdwwwd02 sudo: [ID 702911 auth.notice]    (user) :
> TTY=pts/3 ; PWD=/export/home/(user) ; USER=root ; COMMAND=/bin/bash
>
> but no ssh logins.
>
> Ideas?
>
> Jeff
>
>
> -- 
> It's not working because:  bugs in the RAID

William Kirkland
bill.kirkland at gmail.com



More information about the geeks mailing list