Track administrators' login and logout

Hi

I need to register the administrators’ login and logout from my SLES 11
SP1 server. In /var/log/messages I see the login from ssh, but the
logout is missing. Moreover the login-logout with VNC is not logged.

It is possible to activate the login-logout registration with ssh and
VNC?

Thank you

Marco


mvisconti

mvisconti’s Profile: http://forums.novell.com/member.php?userid=97561
View this thread: http://forums.novell.com/showthread.php?t=447223

Hi

The output from the “last” command shows you the login and the logout
time. Is this what you’re searching?
Kind regards,
Tom


amo_vzug

amo_vzug’s Profile: http://forums.novell.com/member.php?userid=25342
View this thread: http://forums.novell.com/showthread.php?t=447223

amo_vzug;2148896 Wrote:[color=blue]

Hi

The output from the “last” command shows you the login and the logout
time. Is this what you’re searching?
Kind regards,
Tom[/color]

Thanks for the answer.
I need a way to register the login and logout in a log file using the
syslog-ng. With the default configuration, only the login with ssh is
logged.

Regards
Marco


mvisconti

mvisconti’s Profile: http://forums.novell.com/member.php?userid=97561
View this thread: http://forums.novell.com/showthread.php?t=447223

mvisconti;2148950 Wrote:[color=blue]

Thanks for the answer.
I need a way to register the login and logout in a log file using the
syslog-ng. With the default configuration, only the login with ssh is
logged.

Regards
Marco[/color]

This might help but not sure since I have not tried it:
http://www.suse.com/documentation/sled10/pdfdoc/auditqs_sp2/auditqs_sp2.pdf

Thomas


http://thsundel.blogspot.com/

thsundel’s Profile: http://forums.novell.com/member.php?userid=128
View this thread: http://forums.novell.com/showthread.php?t=447223

thsundel;2148967 Wrote:[color=blue]

This might help but not sure since I have not tried it:
http://www.suse.com/documentation/sled10/pdfdoc/auditqs_sp2/auditqs_sp2.pdf

Thomas[/color]

And here is for SLES11:
http://www.suse.com/documentation/sles11/pdfdoc/art_auditquick/art_auditquick.pdf

Thomas


http://thsundel.blogspot.com/

thsundel’s Profile: http://forums.novell.com/member.php?userid=128
View this thread: http://forums.novell.com/showthread.php?t=447223

You can increase the logging-information in the file
/etc/ssh/sshd_config from
“LogLevel INFO” (Default) to “LogLevel VERBOSE”. This gives you the
following entries in /var/log/messages:

Code:

Oct 26 13:23:29 server1 sshd[19058]: Connection from 99.99.99.99 port 50536
Oct 26 13:23:30 server1 sshd[19058]: Accepted keyboard-interactive/pam for user123 from 99.99.99.99 port 50536 ssh2
Oct 26 13:23:32 server1 sshd[19058]: Received disconnect from 99.99.99.99: 11: disconnected by user


With this information, you can create your own syslog-ng-filter
(match-tag) to redirect login-/disconnect-messages to a certain file.
Regards,
Tom


amo_vzug

amo_vzug’s Profile: http://forums.novell.com/member.php?userid=25342
View this thread: http://forums.novell.com/showthread.php?t=447223

amo_vzug;2148974 Wrote:[color=blue]

You can increase the logging-information in the file
/etc/ssh/sshd_config from
“LogLevel INFO” (Default) to “LogLevel VERBOSE”. This gives you the
following entries in /var/log/messages:
[color=green]

[/color][/color]
Code:
--------------------[color=blue][color=green]

[/color]
Oct 26 13:23:29 server1 sshd[19058]: Connection from 99.99.99.99 port 50536
Oct 26 13:23:30 server1 sshd[19058]: Accepted keyboard-interactive/pam for user123 from 99.99.99.99 port 50536 ssh2
Oct 26 13:23:32 server1 sshd[19058]: Received disconnect from 99.99.99.99: 11: disconnected by user
[/color]
--------------------[color=blue][color=green]

[/color]

With this information, you can create your own syslog-ng-filter
(match-tag) to redirect login-/disconnect-messages to a certain file.
Regards,
Tom[/color]

Many thanks!
Last question. It is possible to log the login and logout with VNC in
the same way? When I connect with vncviewer, I don’t see any message in
the log file (except error messages).

Regards
Marco


mvisconti

mvisconti’s Profile: http://forums.novell.com/member.php?userid=97561
View this thread: http://forums.novell.com/showthread.php?t=447223

mvisconti;2149023 Wrote:[color=blue]

Many thanks!
Last question. It is possible to log the login and logout with VNC in
the same way? When I connect with vncviewer, I don’t see any message in
the log file (except error messages).

Regards
Marco[/color]

Maybe I found a solution. The VNC connection is logged by xinetd, thus
I must modify /etc/xinetd.conf

Thanks to all for the support.

Marco


mvisconti

mvisconti’s Profile: http://forums.novell.com/member.php?userid=97561
View this thread: http://forums.novell.com/showthread.php?t=447223

Hi,
I know this is a very old thread but I’m experiencing the same issue described here, I mean that the /var/log/messages file doesn’t contain any information about the logoff of the user but just only the login actitivity. Changing the log level to VERBOSE doesn’t resolve the problem. Could you suggest something else to try?

Regards,
Ros

[QUOTE=rosario_mattera;39789]Hi,
I know this is a very old thread but I’m experiencing the same issue described here, I mean that the /var/log/messages file doesn’t contain any information about the logoff of the user but just only the login actitivity. Changing the log level to VERBOSE doesn’t resolve the problem. Could you suggest something else to try?

Regards,
Ros[/QUOTE]
Hi
A very old thread :wink: Please start a new thread (add a prefix of the OS in use, potential newer tools etc) and the specific things you want to log.