Very new to Linux.
I'm using RHEL 2.4 and could not find any record of accounts that were locked out due to unsuccessful logins other than in it was documented in the the /var/log/faillog.
By default, does the Linux System Log record account lockouts and in which System Log, Audit, Message or Security? What trigger words should I look for, example account locked?
The accounts do reflect in the faillog and the System Logs show authentication failures but I was just wondering if it was documented somewhere other than the faillog.
A million thanks
John