LinuxQuestions.org
05-22-2013, 05:09 AM   #1
daraja
Changing syslog log level to log every user login


Hello,

I would like to ask for some guidelines about what should be changed in the syslog log level / facility / etc. to log the login event of every user of a Linux server.

The current log level is warning, so only the root user's login event is logged, but I need the activity of the other users, too.

Thank you for your help!
 
05-22-2013, 01:19 PM   #2
unSpawn
On most modern Linux systems PAM (Pluggable Authentication Modules) is used. If PAM is installed and configured to be used then by default all logins are logged to /var/log/secure or equivalent. On systems that do not use PAM all that remains is the 'login' binary logging records to /var/run/utmp and /var/log/wtmp. The default syslog entry for logging logins looks like:
Code:
authpriv.* /var/log/secure

Last edited by unSpawn; 05-22-2013 at 01:21 PM. Reason: //More *is* more
 
1 members found this post helpful.
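
Why a warning-level threshold hides ordinary logins while `authpriv.*` catches them, as an added example that is not part of the original posts: a small Python matcher for a subset of classic syslog.conf selector rules. The sample messages and their facility/priority pairs are constructed assumptions for illustration, not captured output.

```python
# Added example: evaluates classic syslog.conf selectors (subset) against
# constructed messages. Not code from the thread or from any syslog daemon.
PRIORITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
ALIASES = {"warn": "warning", "error": "err", "panic": "emerg"}

def severity(name):
    """Numeric severity: 0 (emerg) is most severe, 7 (debug) least."""
    return PRIORITIES.index(ALIASES.get(name, name))

def selector_matches(selector, facility, priority):
    """True if a message with this facility/priority is selected.

    Handles 'fac.prio', comma-separated facilities, '*', '=prio', 'none',
    and ';'-joined parts where a later part overrides an earlier one.
    """
    selected = False
    for part in selector.split(";"):
        facs, _, prio = part.strip().partition(".")
        if facs != "*" and facility not in facs.split(","):
            continue  # this part says nothing about our facility
        if prio == "none":
            selected = False
        elif prio == "*":
            selected = True
        elif prio.startswith("="):
            selected = severity(priority) == severity(prio[1:])
        else:
            # A bare priority means "this level and anything more severe".
            selected = severity(priority) <= severity(prio)
    return selected

# Constructed sample messages; the priorities are assumed for illustration.
SAMPLE = [
    ("authpriv", "info", "session opened for user alice"),
    ("authpriv", "warning", "constructed warning-level message for root"),
    ("daemon", "info", "constructed daemon message"),
]

def logged(selector, messages=SAMPLE):
    """Return the message texts a rule with this selector would write."""
    return [text for fac, prio, text in messages
            if selector_matches(selector, fac, prio)]

if __name__ == "__main__":
    for sel in ("*.warning", "authpriv.*", "*.info;authpriv.none"):
        print(f"{sel:22} -> {logged(sel)}")
```

To see which facility and priority your own login messages really carry, compare the rule in your syslog configuration with the entries that reach /var/log/secure or its equivalent.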
05-23-2013, 11:21 AM   #3
daraja
Quote:
Originally Posted by unSpawn
On most modern Linux systems PAM (Pluggable Authentication Modules) is used. If PAM is installed and configured to be used then by default all logins are logged to /var/log/secure or equivalent. On systems that do not use PAM all that remains is the 'login' binary logging records to /var/run/utmp and /var/log/wtmp. The default syslog entry for logging logins looks like:
Code:
authpriv.* /var/log/secure
Dear unSpawn,

Thank you!
 
  

