How to log every login (SSH) on FreeBSD
Solution 1
The default is to log to the AUTH facility. You can change the facility that sshd logs to with the SyslogFacility configuration option.
SyslogFacility LOCAL7
Then configure your syslogd to write local7.* to its own file by adding
local7.* /var/log/local7.log
to the syslogd configuration file. Tell syslogd to reread its config file by sending it a HUP signal, do the same for sshd, and you should have sshd messages being sent to its own file.
Solution 2
I stumbled upon this blog-post that describes multiple solutions to my question. Among other things it mentions log-parsing and, interestingly, PAM scripting through pam_exec. This enables me to run my own script on every login.
I think this is the most flexible solution to my problem, although Iain's previous answer probably is less invasive and also solves my problem.
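A sketch of the kind of script pam_exec could run for the approach in Solution 2, added here as an example and not taken from the answer or the linked blog post. The script path, the log file location and the field layout are assumptions; the PAM_* variables are the ones FreeBSD's pam_exec exports to the program it runs.

```shell
#!/bin/sh
# Hypothetical hook, wired in with a line such as (path is an assumption):
#   session optional pam_exec.so /usr/local/sbin/ssh-login-hook.sh
# in /etc/pam.d/sshd. Appends one line per PAM session event.
LOGFILE="${LOGFILE:-/var/log/ssh-logins.log}"   # assumed location

# Keep only a conservative character set and cap the length, so a crafted
# user or host name cannot inject newlines or fake key=value fields.
sanitize() {
    printf '%s' "$1" | LC_ALL=C tr -cd 'A-Za-z0-9._:@/_-' | cut -c1-64
}

# $1=timestamp $2=user $3=remote host $4=service $5=tty $6=PAM function
format_event() {
    printf '%s service=%s func=%s user=%s rhost=%s tty=%s\n' \
        "$1" "$(sanitize "$4")" "$(sanitize "$6")" \
        "$(sanitize "$2")" "$(sanitize "$3")" "$(sanitize "$5")"
}

# Only write when invoked by PAM (pam_exec sets PAM_USER).
if [ -n "${PAM_USER:-}" ]; then
    umask 077   # a newly created log file is readable by root only
    format_event "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$PAM_USER" \
        "${PAM_RHOST:-}" "${PAM_SERVICE:-}" "${PAM_TTY:-}" \
        "${PAM_SM_FUNC:-}" >> "$LOGFILE"
fi
```

As a session hook this runs only after authentication has succeeded, so failed attempts still have to come from sshd's own syslog output as in Solution 1.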
poplitea
Updated on September 18, 2022
Comments
poplitea over 1 year
I want to log every SSH login attempt, both successful and not, to my FreeBSD server to a file, and daily mail this log to root.
I could accomplish something like this by parsing /var/log/auth.log, but a) this contains more than login attempts, and b) it could be turned over since yesterday's run. Is there a more direct way of doing this; for instance a hook in SSHd or login configuration to log each login?
poplitea over 12 years
Thank you! :-) This is one possible solution. I also found another; PAM scripting -- see my own answer.