Re: Logging logins only?

• Previous message: Blair Steenerson: "Logging logins only?"
• In reply to: Blair Steenerson: "Logging logins only?"
• Next in thread: Eddie Willett: "RE: Logging logins only?"
• Reply: Eddie Willett: "RE: Logging logins only?"
• Reply: Alvin Oga: "Re: Logging logins only? - ez"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 09 Nov 2004 18:01:51 +0100
To: Blair Steenerson <blair@steenerson.com>

Blair Steenerson wrote:

> Hi all. I've been reading this list for a while, and have followed
> the discussion of the automated probes that have become pretty common
> against SSH servers. Same deal here.
>
> I have a couple boxes using SSH which log to a central syslog server.
> I want to be able to keep track of who and when people login to these
> boxes, but since my logs are now filled up with thousands of lines of
> login errors (illegal user, not in allow list, etc), its getting to be
> a pain to sort through the garbage to keep track of what I want (not
> to mention a major waste of paper on the syslogd printer)
>
> What I want to do is log only successful logins, but not all the
> script kiddie's probing - I know they are there, I can deal with
> that. None of INFO, ERROR, FATAL or QUIET does the job.
> Unfortunately my programming skills suck or I would dig in myself....
>
> Maybe someone here has a suggestion short of that? Or maybe I have
> missed some trick somewhere?
>
> Thanks for your time, and keep up the good work.
>
> Version is OpenSSH 3.8p1, not using PAM
>
> Blair
>
>
>
>
unix comand: last

-- 
Un saludo
David Román Esteban
droman@plcendesa.com
(+34)669229194

• Previous message: Blair Steenerson: "Logging logins only?"
• In reply to: Blair Steenerson: "Logging logins only?"
• Next in thread: Eddie Willett: "RE: Logging logins only?"
• Reply: Eddie Willett: "RE: Logging logins only?"
• Reply: Alvin Oga: "Re: Logging logins only? - ez"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]