Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 5729
  • Last Modified:

Linux PPTP server log file of user login

Hi All

             how do i log user who login to my pptp server ? my linux version is RHEL 6, and i install the pptp server from the following link, and when i go to /var/log/ppp , the folder ppp is empty, how i can see the log for vpn user, thx !

http://freehostinganswers.com/blog/how-to-install-your-own-vpn-server-in-5-mins-pptp-on-centos-redhat-and-ubuntu/

screen
0
piaakit
Asked:
piaakit
  • 7
  • 7
  • 2
1 Solution
 
nociSoftware EngineerCommented:
Hi what kind of log do you mean.
The fact that they logon should be recorded in the /var/log/auth file.

Some of the session info can be found in the /var/log/ppp directory (which contains the log files).

The data they transfer (the activity they do) you need to take down with a packet logging system like tcpdump / wireshark.
0
 
piaakitAuthor Commented:
The log that can see when they have logged in and which account has been logged in, I want to see related logs with this, I checked /var/log/PPP inside is empty
0
 
nociSoftware EngineerCommented:
if you want to see who used the system when, maybe entering
'enable-session' into the ppp config is a better option.
Then you can check the usage & current logins through the last utility.

Otherwise you will have to check your syslog settings. (may be different from deault).
that probably is configured to log into /var/log/auth the logins & /var/log/message for everything else, maybe the login also go to /var/log/messages

unless a private logfile has been assigned through the ppp config.
0
NEW Internet Security Report Now Available!

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out this quarters report on the threats that shook the industry in Q4 2017.

 
piaakitAuthor Commented:
Hi Noci


                  under var/log/messages, i see the log when i connected to vpn, but it wont show which user has been connecting, and how do i enable-session into ppp config ? thx a lots for your help !

log
keith
0
 
nociSoftware EngineerCommented:
The key line here is:
the prelast one: you already have a sesion-enable or login in the ppp config.
But SELINUX is preventing you from updating it in the session database.
"SELinux  is preventing /usr/sbin/pppd "write" on /var/log/wtmp...

wtmp is the session database, that last can read to see who logged on. Also in'm not sure if pppd handles this as an error or as a warning only.

and what about /var/log/auth*?
0
 
piaakitAuthor Commented:
Hi Noci

/var/log/auth.  I can't find this auth in the
location, do I have to disable SElinux ?
0
 
MazdajaiCommented:
>>The log that can see when they have logged in and which account has been logged in.

Have you examine 'last'? Sample output -

kadmin pts/0        kztux.kze.local  Wed Feb 22 01:39 - 02:27  (00:48)    
kadmin tty1                          Tue Feb 21 16:42 - 16:42  (00:00)    
root     tty1                          Tue Feb 21 16:35 - 16:42  (00:06)    
reboot   system boot  2.6.32-220.el6.x Tue Feb 21 16:27 - 12:56  (20:29)    
kadmin tty1                          Mon Feb 20 15:23 - down   (00:00)    
root     tty1                          Mon Feb 20 14:49 - 15:23  (00:34)    
root     tty1                          Mon Feb 20 14:45 - 14:48  (00:03)    
reboot   system boot  2.6.32-220.el6.x Mon Feb 20 14:42 - 15:24  (00:42) 

Open in new window

0
 
nociSoftware EngineerCommented:
The last command won't show ppp logons in your case because pppd is forbidden to write into the file wtmp trhough SELinux.
Try to run SELinux in permissive or disable it (There are differences in that).
And see what last supplies then.
IMHO this is an error in the SELinux profile for pppd.

in the syslog config file (/etc/syslogd.conf) there is a line with auth.*
after that there is a filename, that is the exact filename to check.

If syslog-ng is sued the filename & rules are a little more complex.
grep -C 3 auth /etc/syslog*
might give the wanted info.
0
 
piaakitAuthor Commented:
Hi Noci


                In /etc/ i can not find syslogd.conf, and my pptp server is following below link to do, is below link step didnt show how to enable log for pptp service ?


http://freehostinganswers.com/blog/how-to-install-your-own-vpn-server-in-5-mins-pptp-on-centos-redhat-and-ubuntu/
0
 
piaakitAuthor Commented:
Below is the log from /var/log/messages, it is saying that "SELinux is preventing /usr/sbin/pppd "write" access on wtmp. for the complete selinux messages: selinux  messages. run ......

my selinux already disabled

log
0
 
nociSoftware EngineerCommented:
after setting disabled in the config file, did you reboot?  
selinux can only be disabled through a boot, after which it wont be activated.
0
 
MazdajaiCommented:
Try -

setenforce 0 

Open in new window


This will put selinux in permissive mode. If you decide to enable selinux you can simply flip it back without relabeling the entire file system.
0
 
nociSoftware EngineerCommented:
Well if in selinux enforcing mode the ppp doesn't log what is needed, then it makes no sense to set it enforcing. And permissive mode isn't that usefull, except for maintaining the file labeling as you say. If selinux will only be used in permissive then is can be disabled aswell. then At least the overhead of checking is removed too.
0
 
piaakitAuthor Commented:
Hi Noci


             after disabled selinux, and check /var/log/message, i still seeing the same log as before, can not display the vpn user name, see attached screenshot


pptp

Keith
0
 
nociSoftware EngineerCommented:
now the last command will show you the logins that happened.
litterary type
last
and then enter.

man last
will show some explanation on the last command & options.
0
 
piaakitAuthor Commented:
let me test it
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Building an Effective Phishing Protection Program

Join Director of Product Management Todd OBoyle on April 26th as he covers the key elements of a phishing protection program. Whether you’re an old hat at phishing education or considering starting a program -- we'll discuss critical components that should be in any program.

  • 7
  • 7
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now