Severity Level in syslog.conf


 
# 1  
Old 12-11-2001
Severity Level in syslog.conf

To change the syslog.conf file to log every attempt like (Failed Login Attempts), what severity level must it be at? Is it .notice or .err... not sure on this...
# 2  
Old 12-11-2001
I'm not positive, but I don't think the standard telnet daemon has provisions for logging each and every single failed login attempt. It will however log repeated login failures. (Maybe there are custom telnet daemons that will?)

Most people I know use system accounting to keep track of logins.

Your syslog facility should log repeated login failures as it is.

Basically, if a particular daemon (telnet for this case) doesn't have logging that specifically provides for logging of everything to syslog, changing the syslog.conf isn't going to do anything to help you. It only tells syslog which message levels to log and which to ignore pretty much.

I hope this isn't too confusing.
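How a syslog.conf selector decides what gets written, as an added example that is not part of the original posts: a POSIX sh model of classic `facility.level` matching, where a level means that severity and anything more severe. The function names and sample messages are constructed for illustration; the sketch assumes the last selector naming a facility decides, and the `=` and `!` extensions of some syslogd versions are not handled.

```shell
#!/bin/sh
# Added example: model of classic syslog.conf selector matching (not syslogd code).
# Severity keywords numbered as in syslog(3): 0 is most severe, 7 least.
sev_num() {
    case "$1" in
        emerg) echo 0 ;; alert) echo 1 ;; crit) echo 2 ;; err) echo 3 ;;
        warning) echo 4 ;; notice) echo 5 ;; info) echo 6 ;; debug) echo 7 ;;
        *) return 1 ;;
    esac
}

# selector_logs SELECTORS FACILITY SEVERITY
# Exit 0 if a rule whose selector field is SELECTORS (e.g. "*.err;auth.notice")
# writes a message of FACILITY/SEVERITY, 1 if it drops it, 2 on a bad severity.
# Assumption: the last selector that names the facility decides.
selector_logs() {
    msg_fac=$2
    msg_sev=$(sev_num "$3") || return 2
    verdict=1
    old_ifs=$IFS
    IFS=';'
    set -f                      # "*" is the facility wildcard, not a glob
    for sel in $1; do
        facs=${sel%.*}          # part before the last dot: "auth" or "auth,daemon"
        lvl=${sel##*.}          # part after the last dot: "notice", "none", "*"
        case ",$facs," in
            *",$msg_fac,"*|*",*,"*) ;;   # facility listed, or wildcard
            *) continue ;;
        esac
        case "$lvl" in
            none) verdict=1 ;;
            "*")  verdict=0 ;;
            *)    n=$(sev_num "$lvl") || continue
                  if [ "$msg_sev" -le "$n" ]; then verdict=0; else verdict=1; fi ;;
        esac
    done
    set +f
    IFS=$old_ifs
    return $verdict
}

# Constructed sample messages ("facility severity"), not taken from a real log.
for rule in auth.notice auth.err; do
    for msg in "auth err" "auth notice" "auth info"; do
        if selector_logs "$rule" $msg; then r=logged; else r=dropped; fi
        echo "$rule <- $msg: $r"
    done
done
```

A rule at `auth.notice` therefore also catches `auth.err`, but no selector can catch a failure the login program never sends to syslog.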
# 3  
Old 12-11-2001
As I recall, telnetd and in.telnetd (your example) use /bin/login to manage user logins. There is a configuration file for /bin/login called login.defs:

Quote:

NAME
/etc/login.defs - Login configuration

DESCRIPTION
The /etc/login.defs file defines the site-specific configuration for the shadow login suite. This file is required. Absence of this file will not prevent system operation, but will probably result in undesirable operation.

This file is a readable text file, each line of the file describing one configuration parameter. The lines consist of a configuration name and value, separated by whitespace. Blank lines and comment lines are ignored. Comments are introduced with a `#' pound sign and the pound sign must be the first non-white character of the line.

Parameter values may be of four types: strings, booleans, numbers, and long numbers. A string is comprised of any printable characters. A boolean should be either the

and in the man page, the configuration for the logging behavior of /bin/login is configured (just a few examples):

Quote:
FAILLOG_ENAB (boolean)
If yes then login failures will be accumulated in /var/log/faillog in a faillog(8) format.

FAIL_DELAY (number)
Delay time in seconds after each failed login attempt.

Does this help, or were you looking for more generic syslog.conf information not related to login and telnetd?
# 4  
Old 12-12-2001
Also, see if your system supports btmp. It's kind of like wtmp, but for bad logins. You can usually test this by finding your wtmp file (in my case it's in /var/log), and:
Code:
touch /var/log/btmp

Now try opening another session to your box, and purposely fail to provide the correct password. If the file grows in size, you're now keeping track of failed logins.

Although:
You must be careful who has the ability to read this file... A common scenario is when you accidentally put your password in as your username... someone who reads that file can keep an eye out for that.
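The two checks from the post above (does the file grow, and who can read it), as an added example that is not part of the original thread. The function names are made up for illustration, and treating any group or other read bit as exposure is a deliberately strict assumption.

```shell
#!/bin/sh
# Added example: check a bad-login file for growth and read exposure.

# btmp_status FILE -> prints "missing", or "<exposure> <bytes>" where exposure
# is "exposed" if group or others may read FILE, otherwise "restricted".
btmp_status() {
    [ -f "$1" ] || { echo missing; return 0; }
    if [ -n "$(find "$1" \( -perm -040 -o -perm -004 \) -print)" ]; then
        exposure=exposed
    else
        exposure=restricted
    fi
    echo "$exposure $(wc -c < "$1" | tr -d ' ')"
}

# btmp_grew FILE OLD_BYTES -> exit 0 if FILE is now larger than OLD_BYTES.
btmp_grew() {
    now=$(wc -c < "$1" | tr -d ' ')
    [ "$now" -gt "$2" ]
}

# Demo on a constructed scratch file, so nothing under /var/log is touched.
demo=$(mktemp)
chmod 644 "$demo"
btmp_status "$demo"                       # readable by group and others
chmod 600 "$demo"
before=$(wc -c < "$demo" | tr -d ' ')
printf 'constructed record' >> "$demo"    # stands in for one failed login
if btmp_grew "$demo" "$before"; then btmp_status "$demo"; fi
rm -f "$demo"
```

On a real system, run `btmp_status /var/log/btmp` as root before and after the deliberate bad login; if it reports `exposed`, `chmod 600 /var/log/btmp` limits reading to the owner.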
 