Also, see if your system supports btmp. It's kind of like wtmp, but for bad logins. You can usually test this by finding your wtmp file (in my case it's in /var/log), and :
Now try opening another session to your box, and purposely fail to provide the correct password. If the file grows in size, you're now keeping track of failed logins.
Although:
You must be careful who has the ability to read this file... A common scenario is when you accidentally put your password in as your username... someone who reads that file can keep an eye out for that.
lastb
LAST,LASTB(1) Linux System Administrator's Manual LAST,LASTB(1)
NAME
last, lastb - show listing of last logged in users
SYNOPSIS
last [-R] [-num] [ -n num ] [-adFiowx] [ -f file ] [ -t YYYYMMDDHHMMSS ] [name...] [tty...]
lastb [-R] [-num] [ -n num ] [ -f file ] [-adFiowx] [name...] [tty...]
DESCRIPTION
Last searches back through the file /var/log/wtmp (or the file designated by the -f flag) and displays a list of all users logged in (and
out) since that file was created. Names of users and tty's can be given, in which case last will show only those entries matching the
arguments. Names of ttys can be abbreviated, thus last 0 is the same as last tty0.
When last catches a SIGINT signal (generated by the interrupt key, usually control-C) or a SIGQUIT signal (generated by the quit key,
usually control-\), last will show how far it has searched through the file; in the case of the SIGINT signal last will then terminate.
The pseudo user reboot logs in each time the system is rebooted. Thus last reboot will show a log of all reboots since the log file was
created.
Lastb is the same as last, except that by default it shows a log of the file /var/log/btmp, which contains all the bad login attempts.
OPTIONS
-f file
Tells last to use a specific file instead of /var/log/wtmp.
-num This is a count telling last how many lines to show.
-n num The same.
-t YYYYMMDDHHMMSS
Display the state of logins as of the specified time. This is useful, e.g., to determine easily who was logged in at a particular
time -- specify that time with -t and look for "still logged in".
-R Suppresses the display of the hostname field.
-a Display the hostname in the last column. Useful in combination with the next flag.
-d For non-local logins, Linux stores not only the host name of the remote host but its IP number as well. This option translates the
IP number back into a hostname.
-F Print full login and logout times and dates.
-i This option is like -d in that it displays the IP number of the remote host, but it displays the IP number in numbers-and-dots
notation.
-o Read an old-type wtmp file (written by linux-libc5 applications).
-w Display full user and domain names in the output.
-x Display the system shutdown entries and run level changes.
NOTES
The files wtmp and btmp might not be found. The system only logs information in these files if they are present. This is a local
configuration issue. If you want the files to be used, they can be created with a simple touch(1) command (for example, touch /var/log/wtmp).
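A check for the two points made on this page: btmp must exist before failed logins are recorded, and it should not be readable by other users because a password typed at the username prompt ends up in it. This is an added example, not part of the man page or the forum post; the function names and the 0600 mode are assumptions.

```shell
#!/bin/sh
# Added example: audit a bad-login log (btmp) for presence and exposure.
# The path is a parameter so the functions can be tried on a scratch file
# without root; on a real host pass /var/log/btmp (creating it needs root).

# Print the size of FILE in bytes, or -1 when it does not exist.
log_size() {
    [ -f "$1" ] || { echo -1; return; }
    wc -c < "$1" | tr -d ' '
}

# Classify FILE:
#   missing  file absent, so bad logins are not being recorded
#   exposed  the "other" read bit is set, any local user can read it
#   ok       present and not world-readable (group access is local policy)
log_status() {
    [ -f "$1" ] || { echo missing; return; }
    if [ -n "$(find "$1" -perm -004 2>/dev/null)" ]; then
        echo exposed
    else
        echo ok
    fi
}

# Create FILE with touch(1) if it is absent, then restrict it to its owner.
# Mode 0600 is an assumption; some systems use a dedicated group instead.
create_private_log() {
    [ -e "$1" ] || ( umask 077; touch "$1" )
    chmod 600 "$1"
}

# Succeed if FILE is now larger than OLD_SIZE, i.e. a failed login made
# after OLD_SIZE was noted has been recorded.
log_grew() {
    [ "$(log_size "$1")" -gt "$2" ]
}

# Demo on a constructed scratch file (no root needed).
demo=$(mktemp -d)
create_private_log "$demo/btmp"
before=$(log_size "$demo/btmp")
printf 'constructed-record' >> "$demo/btmp"   # stands in for a failed login
log_grew "$demo/btmp" "$before" && echo "recording: yes"
echo "status: $(log_status "$demo/btmp")"
rm -rf "$demo"
```

On a real system, note `log_size /var/log/btmp`, fail one login on purpose, then call `log_grew /var/log/btmp` with the noted size.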
FILES
/var/log/wtmp
/var/log/btmp
AUTHOR
Miquel van Smoorenburg, miquels@cistron.nl
SEE ALSO
shutdown(8), login(1), init(8)
Jul 31, 2004 LAST,LASTB(1)