How to record login's via ssh ? - SSH

This is a discussion on How to record login's via ssh ? - SSH ; I've got a Sun workstation running Solaris 10 update 4. How can I record details on who logged, from where and at what time? Ideally I'd like * username * IP address * Date + time I'm not looking to ...

+ Reply to Thread
Results 1 to 4 of 4

Thread: How to record login's via ssh ?

  1. How to record login's via ssh ?

    I've got a Sun workstation running Solaris 10 update 4. How can I record
    details on who logged, from where and at what time? Ideally I'd like

    * username
    * IP address
    * Date + time

    I'm not looking to record every command they type!






  2. Re: How to record login's via ssh ?

    Dave writes:

    >I've got a Sun workstation running Solaris 10 update 4. How can I record
    > details on who logged, from where and at what time? Ideally I'd like


    >* username
    >* IP address
    >* Date + time


    >I'm not looking to record every command they type!


    Does
    last|less
    give you wnat you want?







  3. Re: How to record login's via ssh ?

    Dave wrote:
    > I've got a Sun workstation running Solaris 10 update 4. How can I record
    > details on who logged, from where and at what time? Ideally I'd like
    >
    > * username
    > * IP address
    > * Date + time
    >
    > I'm not looking to record every command they type!
    >
    >
    >
    >
    >

    This information will come from a combination of proper configuration of
    your sshd_config file and your syslog config. From the man page of
    sshd_config:

    SyslogFacility
    Gives the facility code that is used when logging messages from
    sshd. The possible values are: DAEMON, USER, AUTH, LOCAL0,
    LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. The
    default is AUTH.

    Configure Logging Appropriately

    * The SULinux/RedHat logging configuration is pretty reasonable for
    most users
    * For Solaris, this /etc/syslog.conf file is a more useful
    configuration:

    mail.debug /var/adm/maillog
    auth.notice /var/adm/authlog
    lpr.debug /var/adm/lpd-errs
    kern.debug /var/adm/messages
    *.emerg;*.alert;*.crit;*.warning;*.err;*.notice;*. info /var/adm/messages

    This is a kluge of info that is freely available with a google search.

  4. Re: How to record login's via ssh ?

    0xdeadabe wrote:
    > Dave wrote:
    >> I've got a Sun workstation running Solaris 10 update 4. How can I
    >> record details on who logged, from where and at what time? Ideally
    >> I'd like
    >>
    >> * username
    >> * IP address
    >> * Date + time
    >>
    >> I'm not looking to record every command they type!
    >>
    >>
    >>
    >>
    >>

    > This information will come from a combination of proper configuration of
    > your sshd_config file and your syslog config. From the man page of
    > sshd_config:
    >
    > SyslogFacility
    > Gives the facility code that is used when logging messages from
    > sshd. The possible values are: DAEMON, USER, AUTH, LOCAL0,
    > LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. The
    > default is AUTH.
    >
    > Configure Logging Appropriately
    >
    > * The SULinux/RedHat logging configuration is pretty reasonable for
    > most users
    > * For Solaris, this /etc/syslog.conf file is a more useful
    > configuration:
    >
    > mail.debug /var/adm/maillog
    > auth.notice /var/adm/authlog
    > lpr.debug /var/adm/lpd-errs
    > kern.debug /var/adm/messages
    > *.emerg;*.alert;*.crit;*.warning;*.err;*.notice;*. info /var/adm/messages
    >
    > This is a kluge of info that is freely available with a google search.



    Thank you for that. The following seems to give a reasonable amount of
    information, without it being excessive and stick it in a file
    /var/adm/sshlog.


    In /etc/syslog.conf
    auth.info /var/adm/sshlog

    In /etc/ssh/sshd_config

    # Syslog facility and level
    SyslogFacility auth
    LogLevel info





+ Reply to Thread