Does /var/log/secure log successes?
Solution 1
You're looking to grep for "Accepted", not something in the lines of "Success-"
grep Accepted /var/log/secure
Solution 2
Since logging is configurable, you will need to check your syslog configuration to figure out exactly what gets logged to where.
Related videos on Youtube
Max Gomes
Updated on September 18, 2022Comments
-
Max Gomes almost 2 years
Short one that I've been unable to find a decent answer for.
Centos 5.10 server, trying to trawl through all the logs I can to see what IPs successfully accessed the server. I've been mucking about with
/var/log/secure
and/var/log/audit/audit.log
.Most interesting thing I found was from the
/root/.bash_history
, grepping through a few suspect directories and files for a specific IP but I want to be sure exactly what IPs have accessed the server via ssh.TL;DR:
Does
/var/log/secure
log ssh successes or is there some other file on centos systems that do?-
Admin about 10 yearswelcome to Stack Exchange! on Stack Exchange, we expect people to do a basic level of research before they come to us, given that we're all volunteers. so with that in mind: try it. access the server yourself and see if your IP gets logged.
-
-
Max Gomes about 10 yearsThere is no /var/log/auth on redhat/centos systems.
-
Max Gomes about 10 yearsAny ideas where exactly to check or what to configure?
-
Jenny D about 10 yearsThat depends on what syslog program you're using. Please don't take this the wrong way, but I strongly advice you to read the documentation at centos.org/docs/5/html/5.2/Deployment_Guide - there's a section specifically about locating log files, and you really need to know the basics about how the system works.