Changing syslog log level to log every user login
Hello,
I would like to ask some guideline about what should be changed in syslog log level / facility / etc, to log the login event of every user of a linux server. The current log level is warning, so only root user login event is logged, but I need the activity of the other users, too. Thank you for your help! |
On most modern Linux systems PAM (Pluggable Authentication Modules) is used. If PAM is installed and configured to be used then by default all logins are logged to /var/log/secure or equivalent. On systems that do not use PAM all that remains is the 'login' binary logging records to /var/run/utmp and /var/log/wtmp. The default syslog entry for logging logins looks like:
Code:
authpriv.* /var/log/secure |
Quote:
Thank you! |
All times are GMT -5. The time now is 08:19 AM. |