由 likun 在 08-03-2003 00:48 发表:

如何看通过ssh连接上来的用户log？

我想看系统log里记录ssh的联接的部分，但是不知道在那里可以看到详细记录那个用户什么时间连上来的记录呢？

Celeron 1.7G intel 845E SEAGATE 80G 7200 256MDDR266 Gforce2MX400

Mandrake 9.0 + Windowns 2000

由 n0fe@r 在 08-03-2003 07:45 发表:

last

由 tower 在 08-03-2003 11:17 发表:

/var/log/secure

在/etc/syslog.conf中有定义

由 likun 在 08-03-2003 13:15 发表:

我的syslog.conf如下，但好像看不到有关ssh的部分。

[root@nms etc]# more syslog.conf

Various entry

auth,authpriv.* /var/log/auth.log

.;auth,authpriv.none -/var/log/syslog

user.* -/var/log/user.log

Log anything (except mail) of level info or higher.

Don't log private authentication messages!

*.info;mail.none;;news.none;authpriv.none -/var/log/messages

The authpriv file has restricted access.

authpriv.* /var/log/secure

Mail logging

mail.=debug;mail.=info;mail.=notice -/var/log/mail/info

mail.=warn -/var/log/mail/warnings

mail.err -/var/log/mail/errors

Cron logging

cron.=debug;cron.=info;cron.=notice -/var/log/cron/info

cron.=warn -/var/log/cron/warnings

cron.err -/var/log/cron/errors

Kernel logging

kern.=debug;kern.=info;kern.=notice -/var/log/kernel/info

kern.=warn -/var/log/kernel/warnings

kern.err /var/log/kernel/errors

Lpr logging

lpr.=debug;lpr.=info;lpr.=notice -/var/log/lpr/info

lpr.=warn -/var/log/lpr/warnings

lpr.err -/var/log/lpr/errors

News logging

news.=debug;news.=info;news.=notice -/var/log/news/news.notice

news.=crit -/var/log/news/news.crit

news.=err -/var/log/news/news.err

Daemons logging

daemon.=debug;daemon.=info;daemon.=notice -/var/log/daemons/info

daemon.=warn -/var/log/daemons/warnings

daemon.err -/var/log/daemons/errors

Everybody gets emergency messages

*.emerg *

Save mail and news errors of level err and higher in a

special file.

uucp,news.crit -/var/log/spooler

Save boot messages also to boot.log

local7.* -/var/log/boot.log

Explanations from Mandrake Linux configuration tools

local1.* -/var/log/explanations

Celeron 1.7G intel 845E SEAGATE 80G 7200 256MDDR266 Gforce2MX400

Mandrake 9.0 + Windowns 2000

由 tower 在 08-04-2003 14:12 发表:

应该有的

auth,authpriv.* /var/log/auth.log

.;auth,authpriv.none -/var/log/syslog

user.* -/var/log/user.log

Log anything (except mail) of level info or higher.

Don't log private authentication messages!

*.info;mail.none;;news.none;authpriv.none -/var/log/messages

<br /