On my Linux system, by default
, any successful
SSH logins can be shown by the last command:
If I wish to see failed
login attempts, I would have to look elsewhere.
Also, Linux systems tend to be very flexible when it comes to configuration. Even though it might be fair to say that it would be a strange thing to do, if I wanted to configure the system so that a certain type of events were logged in the file /var/log/toilet.log
I could probably do so rather easily.
Log rotation tends to happen automatically. So you might
need to know exactly how your system is configured as far as the events you are seeking are concerned. In my case, I can look in /var/log/messages
to see failed
ssh login attempts, but only those during a certain period of time. Due to automatic log rotation, there are currently already 17 compressed older messages
files in /var/log
from this year, so far, that I would also have to look through, if I wanted to check such things for the year, so far.
Then too, even different versions of the same Linux distribution might word a particular type of message somewhat differently. So looking for the exact wording from one version, might not work with another version.
There is a tendency to need to know how your particular
system is configured.
I hope this helps in at least some way.