由 likun 在 08-03-2003 00:48 发表:
如何看通过ssh连接上来的用户log?
我想看系统log里记录ssh的联接的部分,但是不知道在那里可以看到详细记录那个用户什么时间连上来的记录呢?
Celeron 1.7G intel 845E SEAGATE 80G 7200 256MDDR266 Gforce2MX400
Mandrake 9.0 + Windowns 2000
由 n0fe@r 在 08-03-2003 07:45 发表:
last
由 tower 在 08-03-2003 11:17 发表:
/var/log/secure
在/etc/syslog.conf中有定义
由 likun 在 08-03-2003 13:15 发表:
我的syslog.conf如下,但好像看不到有关ssh的部分。
[root@nms etc]# more syslog.conf
Various entry
auth,authpriv.* /var/log/auth.log
.;auth,authpriv.none -/var/log/syslog
user.* -/var/log/user.log
Log anything (except mail) of level info or higher.
Don't log private authentication messages!
*.info;mail.none;;news.none;authpriv.none -/var/log/messages
The authpriv file has restricted access.
authpriv.* /var/log/secure
Mail logging
mail.=debug;mail.=info;mail.=notice -/var/log/mail/info
mail.=warn -/var/log/mail/warnings
mail.err -/var/log/mail/errors
Cron logging
cron.=debug;cron.=info;cron.=notice -/var/log/cron/info
cron.=warn -/var/log/cron/warnings
cron.err -/var/log/cron/errors
Kernel logging
kern.=debug;kern.=info;kern.=notice -/var/log/kernel/info
kern.=warn -/var/log/kernel/warnings
kern.err /var/log/kernel/errors
Lpr logging
lpr.=debug;lpr.=info;lpr.=notice -/var/log/lpr/info
lpr.=warn -/var/log/lpr/warnings
lpr.err -/var/log/lpr/errors
News logging
news.=debug;news.=info;news.=notice -/var/log/news/news.notice
news.=crit -/var/log/news/news.crit
news.=err -/var/log/news/news.err
Daemons logging
daemon.=debug;daemon.=info;daemon.=notice -/var/log/daemons/info
daemon.=warn -/var/log/daemons/warnings
daemon.err -/var/log/daemons/errors
Everybody gets emergency messages
*.emerg *
Save mail and news errors of level err and higher in a
special file.
uucp,news.crit -/var/log/spooler
Save boot messages also to boot.log
local7.* -/var/log/boot.log
Explanations from Mandrake Linux configuration tools
local1.* -/var/log/explanations
Celeron 1.7G intel 845E SEAGATE 80G 7200 256MDDR266 Gforce2MX400
Mandrake 9.0 + Windowns 2000
由 tower 在 08-04-2003 14:12 发表:
应该有的
auth,authpriv.* /var/log/auth.log
.;auth,authpriv.none -/var/log/syslog
user.* -/var/log/user.log
Log anything (except mail) of level info or higher.
Don't log private authentication messages!
*.info;mail.none;;news.none;authpriv.none -/var/log/messages
<br /