Hi, managers...
I've searched for a while in the archives, but came to no conclusion.
Q: How and where do I get logs of bad logons to the system? Or piracy, or
bad users trying to enter the system...
I've set the syslog this way:
For every facility, I've got this (example for mail):
mail.debug /var/adm/syslog.dated/mail.log
On mail.log I only get the connection to the telnetd:
Jul 23 15:18:53 foo telnetd[17280]: connect from bar.domain
On damon.log I get stuff from sshd, but nothing conclusive.
But this appears whether the user has success or not in entering the system.
And there is no other file with logs from telnetd/sshd.
I'd be pleased if you can help me, and will (as always) summarize it :)
Have fun,
Joao Rochate
-------------------------------------------------------
Joao Pedro Rochate | EMail: jrochate_at_ualg.pt
Servicos de Informatica | URL: w3.ualg.pt/~jrochate
Universidade do Algarve | Phone: +351 (0)89 800 961
8000 Gambelas - FARO | ISDN: +351 (0)89 860 125
P O R T U G A L (pt) | GSM: +351 (0)931 950xxxx
-=[ http://www.ualg.pt ]=- | Fax: +351 (0)89 860 129
-------------------------------------------------------
Eng. de Sistemas e Computacao - UCEH - Univ. do Algarve
Received on Fri Jul 23 1999 - 14:33:32 NZST