VivekJauhari
asked on
How to track who tried to login my server and from which ip
I wd like to know is any way to find out in solaris who tried to login our server with which user, from which ip and when what times and date.
if any script i need that if any one can provide this.
regards
vivek jauhari
if any script i need that if any one can provide this.
regards
vivek jauhari
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
more /var/log/messages
more /var/adm/messages
more /var/adm/syslog
# path depends on your system version/setup
more /var/adm/messages
more /var/adm/syslog
# path depends on your system version/setup
ASKER
It is ok.. we can check with Last command but i wd like to knwo who tryied to login from which ip if login not success also. so that we can track which ip tring to breck our passwd/server.
is we can find this via any script? and if yes i need that script
regards
vivek jauhari
is we can find this via any script? and if yes i need that script
regards
vivek jauhari
To log failed logins (via telnet/ssh), edit /etc/default/logins and set
SYSLOG_FAILED_LOGINS=0
Then do:
touch /var/adm/loginlog
chown root:sys /var/adm/loginlog
chmod 600 /var/adm/loginlog
SYSLOG_FAILED_LOGINS=0
Then do:
touch /var/adm/loginlog
chown root:sys /var/adm/loginlog
chmod 600 /var/adm/loginlog
ssh attempts will be in /var/adm/messages or /var/adm/syslog
Each access method logs different information, and different levels of detail.
Which access method(s) do you want to analyze?