LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 10-09-2019, 09:13 AM   #1
itsallgood
LQ Newbie
 
Registered: Jan 2015
Posts: 14

Rep: Reputation: Disabled
Question A way to monitor logins on a Linux box in real time?


All,

Like my title says, is there any way to monitor logins on a Linux box in real time?

I am just learning Linux and have a Linux server I've been tasked with taking care of.

Something we are trying to figure out is how to tell when user(s) log in in real time. I can run 'last' to see all of this information but there must surely be a way to monitor it in real time vs. running the 'last' command or 'who' then searching through the info, right? I was thinking something like tail -F but I can't seem to find much on Google with my limited skill with the OS.

I found a program called 'whowatch' but I'd prefer something I can do with native tools on a Red Hat 6 box as there may be more I will need to do this on in the future.

Many thanks for your suggestions.
 
Old 10-09-2019, 09:44 AM   #2
berndbausch
Senior Member
 
Registered: Nov 2013
Location: Tokyo
Distribution: Redhat/Centos, Ubuntu, Raspbian, Fedora, Alpine, Cirros, OpenSuse/SLES
Posts: 3,445

Rep: Reputation: 902Reputation: 902Reputation: 902Reputation: 902Reputation: 902Reputation: 902Reputation: 902Reputation: 902
tail -f /var/log/secure, probably followed by a grep to only see successful logins (or failed ones, as you prefer).
 
Old 10-09-2019, 10:31 AM   #3
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 21,944

Rep: Reputation: 5810Reputation: 5810Reputation: 5810Reputation: 5810Reputation: 5810Reputation: 5810Reputation: 5810Reputation: 5810Reputation: 5810Reputation: 5810Reputation: 5810
Quote:
Originally Posted by berndbausch View Post
tail -f /var/log/secure, probably followed by a grep to only see successful logins (or failed ones, as you prefer).
I'd go with this suggestion, and only look at failed logins, personally. Mainly because (if you have a good number of users), you'll see logins CONSTANTLY. The 'signal-to-noise' ratio there will make it easy to miss something suspicious. Logging only fails will be a shorter list, and let you see potential problems quicker.

For example, if you know user "Joe" is in the office, seeing multiple failed login attempts from the external WAN network is something to take note of. Seeing one or two from the internal LAN, from his workstation, means he probably fat-fingered the password, and is nothing to worry about. Tons of repeated "root" attempts from any address are worth seeing. While you CAN write scripts to do this, I'd suggest using a non-RHEL native tool, such as Nagios or Zabbix, which can watch log files for you, and incorporate any rules you want. Notifications are easier to see/manage, and you get a better comprehensive picture of what's going on.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Using scponly To Allow SCP/SFTP Logins And Disable SSH Logins On Debian Squeeze LXer Syndicated Linux News 0 08-24-2011 04:20 AM
Need some detail information on Hard Real-Time Systems and Soft real-Time Systems. LinuxInfo General 3 09-22-2008 03:25 AM
Real Time Clock & Real Time Timer jiramak Linux - Newbie 1 09-05-2007 06:43 PM
LXer: Real-time garbage collection with Real-time Java LXer Syndicated Linux News 0 05-05-2007 12:16 PM
LXer: Real-time Linux gains real-time JVM LXer Syndicated Linux News 0 10-12-2006 10:54 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 08:02 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration