Subject: Re: logging bad login attempts
To: Randy Terbush <randy@zyzzyva.com>
From: Chris G Demetriou <Chris_G_Demetriou@LAGAVULIN.PDL.CS.CMU.EDU>
List: current-users
Date: 03/07/1995 07:48:08
> It does not appear to be possible to log failed login attempts
> with the supplied login. (ie the attempted login, etc.) Am
> I wrong?
failed logins are logged (without the attempted login name) at
LOG_NOTICE priority.
failed logins are logged _with_ the attempted login name at
LOG_NOTICE priority, and with the LOG_AUTHPRIV facility.
if you set up some lines in syslog.conf like:
# The authpriv log file should be restricted access;
# these messages shouldn't go to terminals or publically-readable files.
authpriv.* /var/log/secure
then it'll do what you want.
cgd