I need to register the administrators’ login and logout from my SLES 11
SP1 server. In /var/log/messages I see the login from ssh, but the
logout is missing. Moreover the login-logout with VNC is not logged.
It is possible to activate the login-logout registration with ssh and
VNC?
The output from the “last” command shows you the login and the logout
time. Is this what you’re searching?
Kind regards,
Tom[/color]
Thanks for the answer.
I need a way to register the login and logout in a log file using the
syslog-ng. With the default configuration, only the login with ssh is
logged.
Thanks for the answer.
I need a way to register the login and logout in a log file using the
syslog-ng. With the default configuration, only the login with ssh is
logged.
You can increase the logging-information in the file
/etc/ssh/sshd_config from
“LogLevel INFO” (Default) to “LogLevel VERBOSE”. This gives you the
following entries in /var/log/messages:
Code:
Oct 26 13:23:29 server1 sshd[19058]: Connection from 99.99.99.99 port 50536
Oct 26 13:23:30 server1 sshd[19058]: Accepted keyboard-interactive/pam for user123 from 99.99.99.99 port 50536 ssh2
Oct 26 13:23:32 server1 sshd[19058]: Received disconnect from 99.99.99.99: 11: disconnected by user
With this information, you can create your own syslog-ng-filter
(match-tag) to redirect login-/disconnect-messages to a certain file.
Regards,
Tom
You can increase the logging-information in the file
/etc/ssh/sshd_config from
“LogLevel INFO” (Default) to “LogLevel VERBOSE”. This gives you the
following entries in /var/log/messages:
[color=green]
[/color][/color]
Code:
--------------------[color=blue][color=green]
[/color]
Oct 26 13:23:29 server1 sshd[19058]: Connection from 99.99.99.99 port 50536
Oct 26 13:23:30 server1 sshd[19058]: Accepted keyboard-interactive/pam for user123 from 99.99.99.99 port 50536 ssh2
Oct 26 13:23:32 server1 sshd[19058]: Received disconnect from 99.99.99.99: 11: disconnected by user
[/color]
--------------------[color=blue][color=green]
[/color]
With this information, you can create your own syslog-ng-filter
(match-tag) to redirect login-/disconnect-messages to a certain file.
Regards,
Tom[/color]
Many thanks!
Last question. It is possible to log the login and logout with VNC in
the same way? When I connect with vncviewer, I don’t see any message in
the log file (except error messages).
Many thanks!
Last question. It is possible to log the login and logout with VNC in
the same way? When I connect with vncviewer, I don’t see any message in
the log file (except error messages).
Regards
Marco[/color]
Maybe I found a solution. The VNC connection is logged by xinetd, thus
I must modify /etc/xinetd.conf
Hi,
I know this is a very old thread but I’m experiencing the same issue described here, I mean that the /var/log/messages file doesn’t contain any information about the logoff of the user but just only the login actitivity. Changing the log level to VERBOSE doesn’t resolve the problem. Could you suggest something else to try?
[QUOTE=rosario_mattera;39789]Hi,
I know this is a very old thread but I’m experiencing the same issue described here, I mean that the /var/log/messages file doesn’t contain any information about the logoff of the user but just only the login actitivity. Changing the log level to VERBOSE doesn’t resolve the problem. Could you suggest something else to try?
Regards,
Ros[/QUOTE]
Hi
A very old thread Please start a new thread (add a prefix of the OS in use, potential newer tools etc) and the specific things you want to log.