NetBSD-Bugs archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: bin/42540: /usr/bin/login does not log normal logins, does not log IP addresses

On Apr 16,  3:42am, wrote:
} >Number:         42540
} >Synopsis:       /usr/bin/login does not log normal logins, does not log IP 
} >Arrival-Date:   Tue Dec 29 15:35:00 +0000 2009
} >Originator:     Ed Ravin
} >Release:        5.0.1
} >Description:
} 1.  /usr/bin/login does not seem to generate syslog messages for
} normal, successful logins.  syslog messages are only produced in case
} of error, in case of root login, and a few other special cases.
} 2. When /usr/bin/login does generate syslog messages regarding remote
} connections, it uses the looked-up hostname, not the IP address. The
} IP address is needed since the results of DNS lookups can change over
} time and are not a reliable way to audit which hosts are connecting
} to you,

     /var/log/authlog should have an entry for the telnet connection, i.e:

Dec 29 09:37:43 P4-3679GHz inetd[4279]: connection from localhost(, 
service telnet (tcp)

Is this good enough for seeing what hosts connect to you, or do you
need something that associates the connection with a user?

}-- End of excerpt from

Home | Main Index | Thread Index | Old Index