Login or Register to Ask a Question and Join Our Community


Linux

ssh ip logs

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Operating Systems Linux ssh ip logs
# 1  
Old 02-05-2010
ssh ip logs
Hi All,

Where can I find the ssh logs the list of IPs connected (or failed) to the server?

Or I need to enable that on openssh? Where?

Right now, I can only see failed login on /var/log/messages like below

HTML Code:
Feb  5 17:30:12 localhost pam_tally[18936]: pam_tally: pam_get_uid; no such user admin
Feb  5 17:30:12 localhost PAM-Wheel[18936]: unknown user admin
Feb  5 17:33:59 localhost pam_tally[20027]: pam_tally: pam_get_uid; no such user admin2
Feb  5 17:33:59 localhost PAM-Wheel[20027]: unknown user admin2
Thank you for any comments you may add.

---------- Post updated at 05:46 PM ---------- Previous update was at 05:41 PM ----------

Still no luck. The admin user that I'm investigation is not on /var/log/secure*.

I wonder where it coming from, I checked all the crontab scripts, it's not there.

---------- Post updated at 06:15 PM ---------- Previous update was at 05:46 PM ----------

Where is this coming from

HTML Code:
Feb  5 17:30:12 localhost pam_tally[18936]: pam_tally: pam_get_uid; no such user admin
Feb  5 17:30:12 localhost PAM-Wheel[18936]: unknown user admin
No log on /var/log/secure. I tried ssh, ftp and sftp. Everything is being log on secure but the log coming from admin is no where log on secure. That admin2, I'm the one who did that but it's log on secure.
Last edited by itik; 02-05-2010 at 07:28 PM..
# 2  
Old 02-06-2010
how about /var/log/auth.log
# 3  
Old 02-08-2010
Nope, it's not there too because I did below

cd /var/log

grep admin *

and that didn't get any findings

and that log didn't exist on my red hat ent 4...
# 4  
Old 03-08-2010
Simple way of seeing the machine access log - last
Hi,

You can excute the last command

#last with various options to see who are all the users logged into the system via ssh and also locally.

Thanks,
R.Gopinath
Last edited by pludi; 03-09-2010 at 02:10 AM.. Reason: removed self promotion
Login or Register to Ask a Question

Previous Thread | Next Thread

9 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Find active SSH servers w/ ssh keys on LAN

Hi, I am trying to complete my bash script in order to find which SSH servers on LAN are still active with the ssh keys, but i am frozen at this step: #!/bin/bash # LAN SSH KEYS DISCOVERY SCRIPT </etc/passwd \ grep /bin/bash | cut -d: -f6 | sudo xargs -i -- sh -c ' && cat... (11 Replies)
Discussion started by: syrius
11 Replies

2. UNIX for Beginners Questions & Answers

Ssh script to validate ssh connection to multiple serves with status

Hi, I want to validate ssh connection one after one for multiple servers..... password less keys already setup but now i want to validate if ssh is working fine or not... I have .sh script like below and i have servers.txt contains all the list of servers #/bin/bash for host in $(cat... (3 Replies)
Discussion started by: sreeram4
3 Replies

3. Shell Programming and Scripting

If I ran perl script again,old logs should move with today date and new logs should generate.

Appreciate help for the below issue. Im using below code.....I dont want to attach the logs when I ran the perl twice...I just want to take backup with today date and generate new logs...What I need to do for the below scirpt.............. 1)if logs exist it should move the logs with extention... (1 Reply)
Discussion started by: Sanjeev G
1 Replies

4. Shell Programming and Scripting

Ssh = ssh expect and keep everything not change include parameter postion

I have write a script which contains ssh -p 12345 dcplatform@10.125.42.50 ssh 127.0.0.1 -p 5555 "$CMD" ssh root@$GUEST_IP "$CMD" before I use public key, it works well, now I want to change to "expect", BUT I don't want to change above code and "parameter position" I can post a... (1 Reply)
Discussion started by: yanglei_fage
1 Replies

5. HP-UX

Suppress SSH login logs of a user

Hi, I want to suppress ssh login logs of a particular user to get logged in /var/adm/syslog/syslog.log As am using a user to monitor a server over ssh in 5 miute interval..and that creating un-necessary logs in my syslog.log file .. Please help me if there any way I can suppress this logs only... (6 Replies)
Discussion started by: Shirishlnx
6 Replies

6. Shell Programming and Scripting

Email alerts whenever someone logs into server via SSH any user?

Hi all, Thanks in Advance!! I dont know how to start to write script for this process, my requirement is if any user logs into server automatically Admin get mail alert. how is this possible? any one guide me to complete this process. (1 Reply)
Discussion started by: anishkumarv
1 Replies

7. Shell Programming and Scripting

could not send commands SSH session with Net::SSH::Expect

I am using Net::SSH::Expect to connect to the device(iLO) with SSH. After the $ssh->login() I'm able to view the prompt, but not able to send any coommands. With the putty I can connect to the device and execute the commands without any issues. Here is the sample script my $ssh =... (0 Replies)
Discussion started by: hansini
0 Replies

8. Shell Programming and Scripting

Grep yesterday logs from weblogic logs

Hi, I am trying to write a script which would go search and get the info from the logs based on yesterday timestamp and write yesterday logs in new file. The log file format is as follows: """"""""""""""""""""""""""... (3 Replies)
Discussion started by: harish.parker
3 Replies

9. UNIX for Dummies Questions & Answers

SSH logs off and Client pptp goes off as well

Hi , I am a newbie to unix,linux i have a fedora core 4 linux. I had set it up as a pptp vpn client to a windows pptp server. Everything was working fine. Recently i saw that there were many attempts to hack into the root login using ssh. so i changed the ssh port,the ssh portocol to 2. And... (0 Replies)
Discussion started by: qais
0 Replies
Login or Register to Ask a Question