The UNIX and Linux Forums  

  #1 (permalink)  
Old 12-11-2001
Registered User
 

Join Date: Nov 2001
Posts: 15
Severity Level in syslog.conf

To change the syslog.conf file to log every attempt like (Failed Login Attempts), what severity level must it be at? Is it .notice or .err... not sure on this...
  #2 (permalink)  
Old 12-11-2001
doeboy's Avatar
Registered User
 

Join Date: Oct 2001
Location: Here
Posts: 137
I'm not positive, but I don't think the standard telnet daemon has provisions for logging each and every single failed login attempt. It will however log repeated login failures. (Maybe there are custom telnet daemons that will?)

Most people I know use system accounting to keep track of logins.

Your syslog facility should log repeated login failures as it is.

Basically, if a particular daemon (telnet for this case) doesn't have logging that specifically provides for logging of everything to syslog, changing the syslog.conf isn't going to do anything to help you. It only tells syslog which message levels to log and which to ignore pretty much.

I hope this isn't too confusing.
  #3 (permalink)  
Old 12-11-2001
Neo's Avatar
Administrator
 

Join Date: Sep 2000
Location: Asia Pacific
Posts: 4,264
As I recall, telnetd and in.telnetd (your example) use /bin/login to manage user logins. There is a configuration file for /bin/login called login.defs:

Quote:

NAME
/etc/login.defs - Login configuration

DESCRIPTION
The /etc/login.defs file defines the site-specific configuration for the shadow login suite. This file is required. Absence of this file will not prevent system operation, but will probably result in undesirable operation.

This file is a readable text file, each line of the file describing one configuration parameter. The lines consist of a configuration name and value, separated by whitespace. Blank lines and comment lines are ignored. Comments are introduced with a `#' pound sign and the pound sign must be the first non-white character of the line.

Parameter values may be of four types: strings, booleans, numbers, and long numbers. A string is comprised of any printable characters. A boolean should be either the

And in the man page, the logging behavior of /bin/login is configured (just a few examples):

Quote:

FAILLOG_ENAB (boolean)
If yes then login failures will be accumulated in /var/log/faillog in a faillog(8) format.

FAIL_DELAY (number)
Delay time in seconds after each failed login attempt.

Does this help, or were you looking for more generic syslog.conf information not related to login and telnetd?
  #4 (permalink)  
Old 12-12-2001
LivinFree's Avatar
Goober Extraordinaire
 

Join Date: Jul 2001
Location: Portland, OR, USA
Posts: 1,584
Also, see if your system supports btmp. It's kind of like wtmp, but for bad logins. You can usually test this by finding your wtmp file (in my case it's in /var/log), and:
Code:
touch /var/log/btmp
Now try opening another session to your box, and purposely fail to provide the correct password. If the file grows in size, you're now keeping track of failed logins.

Although:
You must be careful who has the ability to read this file... A common scenario is when you accidentally put your password in as your username... someone who reads that file can keep an eye out for that.
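
An added example, not part of the original thread: a Python sketch that summarizes failed logins recorded in a btmp file and checks whether the file is world-readable, the exposure the last post warns about. It assumes the Linux glibc utmp record layout; the helper names and the sample records are constructed for illustration.

```python
import os
import stat
import struct
from collections import Counter

# Assumption: Linux glibc "struct utmp" layout (384-byte records), which
# /var/log/btmp shares with wtmp. Other UNIX systems lay records out differently.
UTMP = struct.Struct("<h2xi32s4s32s256shhiii4i20x")
EMPTY = 0  # ut_type of an unused record


def text(raw):
    """Decode a NUL-padded fixed-width field."""
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")


def parse_btmp(data):
    """Yield (user, line, host, epoch_seconds) for each failed-login record."""
    usable = len(data) - len(data) % UTMP.size  # drop a truncated trailing record
    for rec in UTMP.iter_unpack(data[:usable]):
        if rec[0] != EMPTY:
            yield text(rec[4]), text(rec[2]), text(rec[5]), rec[9]


def summarize(data):
    """Count failed attempts per (user, host) pair."""
    return Counter((user, host) for user, _line, host, _ts in parse_btmp(data))


def world_readable(path):
    """True if users other than owner and group can read the file."""
    return bool(os.stat(path).st_mode & stat.S_IROTH)


def make_record(user, line, host, ts, ut_type=6):
    """Build one record for the constructed sample below (6 = LOGIN_PROCESS)."""
    return UTMP.pack(ut_type, 0, line.encode(), b"", user.encode(),
                     host.encode(), 0, 0, 0, ts, 0, 0, 0, 0, 0)


# Constructed sample data, not taken from a real system.
SAMPLE = (make_record("root", "pts/1", "192.0.2.10", 1008100000)
          + make_record("root", "pts/1", "192.0.2.10", 1008100005)
          + make_record("alice", "pts/2", "198.51.100.7", 1008100050)
          + b"\0" * 100)  # partial write at the end of the file

if __name__ == "__main__":
    for (user, host), count in summarize(SAMPLE).most_common():
        print(f"{count:3d} failed  user={user!r} host={host}")
```

On a real system, pass the bytes of /var/log/btmp to `summarize` and call `world_readable("/var/log/btmp")` after creating the file, since a file created with `touch` inherits the creating shell's umask.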