Does /var/log/secure log successes?

ssh centos logs

13,903

Solution 1

You're looking to grep for "Accepted", not something in the lines of "Success-"

grep Accepted /var/log/secure

Since logging is configurable, you will need to check your syslog configuration to figure out exactly what gets logged to where.

13,903

Updated on September 18, 2022

Max Gomes almost 2 years

Short one that I've been unable to find a decent answer for.

Centos 5.10 server, trying to trawl through all the logs I can to see what IPs successfully accessed the server. I've been mucking about with /var/log/secure and /var/log/audit/audit.log.

Most interesting thing I found was from the /root/.bash_history, grepping through a few suspect directories and files for a specific IP but I want to be sure exactly what IPs have accessed the server via ssh.

TL;DR:

Does /var/log/secure log ssh successes or is there some other file on centos systems that do?
- Admin about 10 years
  
  welcome to Stack Exchange! on Stack Exchange, we expect people to do a basic level of research before they come to us, given that we're all volunteers. so with that in mind: try it. access the server yourself and see if your IP gets logged.
Max Gomes about 10 years

There is no /var/log/auth on redhat/centos systems.
Max Gomes about 10 years

Any ideas where exactly to check or what to configure?
Jenny D about 10 years

That depends on what syslog program you're using. Please don't take this the wrong way, but I strongly advice you to read the documentation at centos.org/docs/5/html/5.2/Deployment_Guide - there's a section specifically about locating log files, and you really need to know the basics about how the system works.