Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

How to track who tried to login my server and from which ip

Posted on 2006-11-29
6
Medium Priority
?
258 Views
Last Modified: 2013-12-27
I wd like to know is any way to find out in solaris who tried to login our server with which user, from which ip and when what times and date.

if any script i need that if any one can provide this.

regards
vivek jauhari
0
Comment
Question by:VivekJauhari
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 34

Expert Comment

by:PsiCop
ID: 18039131
Depends on the access methods, e.g. telnet, SSH, FTP, NFS, etc.

Each access method logs different information, and different levels of detail.

Which access method(s) do you want to analyze?
0
 
LVL 48

Accepted Solution

by:
Tintin earned 70 total points
ID: 18040900
As PsiCop says, it depends on the method used to log in.

You can list all successful logins with the 'last' command.

0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 18043491
more /var/log/messages
more /var/adm/messages
more /var/adm/syslog
# path depends on your system version/setup
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 

Author Comment

by:VivekJauhari
ID: 18044804
It is ok.. we can check with Last command but i wd like to knwo who tryied to login from which ip if login not success also. so that we can track which ip tring to breck our passwd/server.

is we can find this via any script? and if yes i need that script

regards
vivek jauhari
0
 
LVL 48

Expert Comment

by:Tintin
ID: 18048453
To log failed logins (via telnet/ssh), edit /etc/default/logins and set

SYSLOG_FAILED_LOGINS=0

Then do:

touch /var/adm/loginlog
chown root:sys /var/adm/loginlog
chmod 600 /var/adm/loginlog

0
 
LVL 48

Expert Comment

by:Tintin
ID: 18048455
ssh attempts will be in /var/adm/messages or /var/adm/syslog
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Installing FreeBSD… FreeBSD is a darling of an operating system. The stability and usability make it a clear choice for servers and desktops (for the cunning). Savvy?  The Ports collection makes available every popular FOSS application and packag…
I have been running these systems for a few years now and I am just very happy with them.   I just wanted to share the manual that I have created for upgrades and other things.  Oooh yes! FreeBSD makes me happy (as a server), no maintenance and I al…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.
Suggested Courses

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question