LinuxQuestions.org
Visit Jeremy's Blog.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Reload this Page about /var/log/messages
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 04-26-2006, 02:25 AM   #1
gnoddong
LQ Newbie
 
Registered: Apr 2006
Posts: 2

Rep: Reputation: 0
Question about /var/log/messages

There are many kind of records for login in file /var/log/messages.
There are some records contain "FAILED LOGIN", and a number(1 or 2 in my linux) follows thar string.
who can told me about what the number means.
Thanks.
 
Old 04-26-2006, 02:35 AM   #2
Simon Bridge
LQ Guru
 
Registered: Oct 2003
Location: Waiheke NZ
Distribution: Ubuntu
Posts: 9,211

Rep: Reputation: 198Reputation: 198
Is it a one then a two? Isn't it just counting the number of times a specific login has failed? (If it fails three times, in some systems, the sysadmin is notified.)
 
Old 04-26-2006, 04:11 AM   #3
gnoddong
LQ Newbie
 
Registered: Apr 2006
Posts: 2

Original Poster
Rep: Reputation: 0
thanks
Quote:
Originally Posted by Simon Bridge
Is it a one then a two? Isn't it just counting the number of times a specific login has failed? (If it fails three times, in some systems, the sysadmin is notified.)
Thanks for your hint
I tried to telnet a Linux server by SecurCRT with correct user name but incorrect password for 4 times.
And the OS logged like below:

>login[16510]: FAILED LOGIN 1 FROM 10.1.7.244 FOR parlay
>login[16510]: FAILED LOGIN 2 FROM 10.1.7.244 FOR
>login[16510]: FAILED LOGIN 3 FROM 10.1.7.244 FOR parlay
>login[16510]: FAILED LOGIN SESSION FROM 10.1.7.244 FOR parlay
>login(pam_unix)[16510]: 3 more authentication failures;
>login(pam_unix)[16510]: service(login) ignoring max retries; 4 > 3

so the number do counts the failure times of a login process.
Last edited by gnoddong; 04-26-2006 at 04:19 AM.
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Redirecting the kernel messages to file other than /var/log/messages jyotika_b83 Linux - General 3 04-28-2005 06:39 PM
Deleted /var/log/messages, can't log any files-iptables chingyenccy Linux - Newbie 7 02-27-2005 04:03 PM
From where am i getting error messages to /var/log/messages? prabhuacsp Programming 3 02-16-2005 08:59 AM
/var/log/messages full of these messages. Should I be concerned? mdavis Linux - Security 5 04-16-2004 10:08 AM
iptables, changing log file from /var/log/messages acid2000 Linux - Networking 3 03-11-2003 08:38 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 03:37 AM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration