Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

How to track who tried to login my server and from which ip

Posted on 2006-11-29
6
241 Views
Last Modified: 2013-12-27
I wd like to know is any way to find out in solaris who tried to login our server with which user, from which ip and when what times and date.

if any script i need that if any one can provide this.

regards
vivek jauhari
0
Comment
Question by:VivekJauhari
6 Comments
 
LVL 34

Expert Comment

by:PsiCop
ID: 18039131
Depends on the access methods, e.g. telnet, SSH, FTP, NFS, etc.

Each access method logs different information, and different levels of detail.

Which access method(s) do you want to analyze?
0
 
LVL 48

Accepted Solution

by:
Tintin earned 35 total points
ID: 18040900
As PsiCop says, it depends on the method used to log in.

You can list all successful logins with the 'last' command.

0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 18043491
more /var/log/messages
more /var/adm/messages
more /var/adm/syslog
# path depends on your system version/setup
0
Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 

Author Comment

by:VivekJauhari
ID: 18044804
It is ok.. we can check with Last command but i wd like to knwo who tryied to login from which ip if login not success also. so that we can track which ip tring to breck our passwd/server.

is we can find this via any script? and if yes i need that script

regards
vivek jauhari
0
 
LVL 48

Expert Comment

by:Tintin
ID: 18048453
To log failed logins (via telnet/ssh), edit /etc/default/logins and set

SYSLOG_FAILED_LOGINS=0

Then do:

touch /var/adm/loginlog
chown root:sys /var/adm/loginlog
chmod 600 /var/adm/loginlog

0
 
LVL 48

Expert Comment

by:Tintin
ID: 18048455
ssh attempts will be in /var/adm/messages or /var/adm/syslog
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Let's say you need to move the data of a file system from one partition to another. This generally involves dismounting the file system, backing it up to tapes, and restoring it to a new partition. You may also copy the file system from one place to…
FreeBSD on EC2 FreeBSD (https://www.freebsd.org) is a robust Unix-like operating system that has been around for many years. FreeBSD is available on Amazon EC2 through Amazon Machine Images (AMIs) provided by FreeBSD developer and security office…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
In a previous video, we went over how to export a DynamoDB table into Amazon S3.  In this video, we show how to load the export from S3 into a DynamoDB table.

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question