Link to home
Start Free TrialLog in
Avatar of VivekJauhari
VivekJauhari

asked on

How to track who tried to login my server and from which ip

I wd like to know is any way to find out in solaris who tried to login our server with which user, from which ip and when what times and date.

if any script i need that if any one can provide this.

regards
vivek jauhari
Avatar of PsiCop
PsiCop
Flag of United States of America image

Depends on the access methods, e.g. telnet, SSH, FTP, NFS, etc.

Each access method logs different information, and different levels of detail.

Which access method(s) do you want to analyze?
ASKER CERTIFIED SOLUTION
Avatar of Tintin
Tintin

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
more /var/log/messages
more /var/adm/messages
more /var/adm/syslog
# path depends on your system version/setup
Avatar of VivekJauhari
VivekJauhari

ASKER

It is ok.. we can check with Last command but i wd like to knwo who tryied to login from which ip if login not success also. so that we can track which ip tring to breck our passwd/server.

is we can find this via any script? and if yes i need that script

regards
vivek jauhari
To log failed logins (via telnet/ssh), edit /etc/default/logins and set

SYSLOG_FAILED_LOGINS=0

Then do:

touch /var/adm/loginlog
chown root:sys /var/adm/loginlog
chmod 600 /var/adm/loginlog

ssh attempts will be in /var/adm/messages or /var/adm/syslog