How to log every login (SSH) on FreeBSD

ssh logging freebsd login
9,576

Solution 1

The default is to log to the AUTH facility. You can change the facility that sshd logs to with the SyslogFacility configuration option. 

SyslogFacility LOCAL7

Then configure your syslogd to write local7.* to it's own file by adding 

local7.*     /var/log/local7.log

to the syslogd configuration file. Tell syslogd to reread it's config file by sending it a HUP signal do the same for sshd and you should have sshd messages being sent to it's own file.

Solution 2

I stumbled upon this blog-post that describes multiple solutions to my question. Among other things it mentions log-parsing and, interestingly, PAM scripting through pam_exec. This enables me to run my own script on every login.

I think this is the most flexible solution to my problem, although Iain's previous answer probably is less invasive and also solves my problem.

Share:
9,576

Related videos on Youtube

poplitea
Author by

poplitea

Updated on September 18, 2022

Comments

  • poplitea
    poplitea over 1 year

    I want to log every SSH login attempts, both successful and not, to my FreeBSD server to a file, and daily mail this log to root.

    I could accomplish something like this by parsing /var/log/auth.log, but a) this contains more than login attempts, and b) it could be turned over since yesterday's run. Is there a more direct way of doing this; for instance a hook in SSHd or login configuration to log each login?

  • poplitea
    poplitea over 12 years
    Thank you! :-) This is one possible solution. I also found another; PAM scripting -- see my own answer.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Unable to access the server via SSH?
How do I list the N last successful and unsuccessful login attempts for my user when I log in with e.g. ssh on Linux?
Why is my auth.log file empty?
What do these entries in my SSH logs mean?
Is my password compromised because I forgot to hit Enter after ssh username?
Best practice to write logs in /var/log from a python script?
Permission denied (publickey,password). while using ssh to login
How do I monitor log of the users who successfully logged into my Jenkins Server?
How to change Ubuntu Server Login message
How to solve Bad Configuration Option: UseDNS?