LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - General (https://www.linuxquestions.org/questions/linux-general-1/)
-   -   Changing syslog log level to log every user login (https://www.linuxquestions.org/questions/linux-general-1/changing-syslog-log-level-to-log-every-user-login-4175462984/)

daraja 05-22-2013 05:09 AM
Changing syslog log level to log every user login
 
Hello,

I would like to ask some guideline about what should be changed in syslog log level / facility / etc, to log the login event of every user of a linux server.

The current log level is warning, so only root user login event is logged, but I need the activity of the other users, too.

Thank you for your help!

unSpawn 05-22-2013 01:19 PM
On most modern Linux systems PAM (Pluggable Authentication Modules) is used. If PAM is installed and configured to be used then by default all logins are logged to /var/log/secure or equivalent. On systems that do not use PAM all that remains is the 'login' binary logging records to /var/run/utmp and /var/log/wtmp. The default syslog entry for logging logins looks like:
Code:
authpriv.* /var/log/secure

daraja 05-23-2013 11:21 AM
Quote:
Originally Posted by unSpawn (Post 4956699)
On most modern Linux systems PAM (Pluggable Authentication Modules) is used. If PAM is installed and configured to be used then by default all logins are logged to /var/log/secure or equivalent. On systems that do not use PAM all that remains is the 'login' binary logging records to /var/run/utmp and /var/log/wtmp. The default syslog entry for logging logins looks like:
Code:
authpriv.* /var/log/secure
Dear unSpawn,

Thank you!


All times are GMT -5. The time now is 08:19 AM.