NetBSD-Bugs archive
Re: bin/42540: /usr/bin/login does not log normal logins, does not log IP addresses
The following reply was made to PR bin/42540; it has been noted by GNATS.
From: jnemeth%victoria.tc.ca@localhost (John Nemeth)
To: gnats-bugs%NetBSD.org@localhost, gnats-admin%NetBSD.org@localhost, netbsd-bugs%NetBSD.org@localhost
Cc:
Subject: Re: bin/42540: /usr/bin/login does not log normal logins, does not log IP addresses
Date: Tue, 29 Dec 2009 09:44:23 -0800
On Apr 16, 3:42am, eravin%panix.com@localhost wrote:
}
} >Number: 42540
} >Synopsis: /usr/bin/login does not log normal logins, does not log IP addresses
} >Arrival-Date: Tue Dec 29 15:35:00 +0000 2009
} >Originator: Ed Ravin
} >Release: 5.0.1
} >Description:
} 1. /usr/bin/login does not seem to generate syslog messages for
} normal, successful logins. syslog messages are only produced in case
} of error, in case of root login, and a few other special cases.
}
} 2. When /usr/bin/login does generate syslog messages regarding remote
} connections, it uses the looked-up hostname, not the IP address. The
} IP address is needed since the results of DNS lookups can change over
} time and are not a reliable way to audit which hosts are connecting
} to you,
/var/log/authlog should have an entry for the telnet connection, i.e.:
Dec 29 09:37:43 P4-3679GHz inetd[4279]: connection from localhost(127.0.0.1), service telnet (tcp)
Is this good enough for seeing what hosts connect to you, or do you
need something that associates the connection with a user?
}-- End of excerpt from eravin%panix.com@localhost
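
The following is an added example, not part of the original message and not NetBSD code: a small Python parser for the inetd authlog record quoted in the reply, counting connections by numeric address and service instead of by looked-up name (the record carries no user name). The pattern is modelled only on that one quoted line; the function names are hypothetical and every sample line except the first is constructed.

```python
import ipaddress
import re
from collections import Counter

# Assumption: inetd records look like the single authlog line quoted above.
INETD_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<loghost>\S+) "
    r"inetd\[(?P<pid>\d+)\]: connection from "
    r"(?P<name>[^()\s]+)\((?P<addr>[^()\s]+)\), "
    r"service (?P<service>\S+) \((?P<proto>\w+)\)$"
)

def parse_inetd_line(line):
    """Return a dict for an inetd connection record, or None for any other line."""
    m = INETD_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    try:
        # Audit on the numeric address; the looked-up name can change over time.
        rec["addr"] = str(ipaddress.ip_address(rec["addr"]))
    except ValueError:
        return None  # the parenthesised field was not an IP address
    rec["pid"] = int(rec["pid"])
    return rec

def connections_by_address(lines, service=None):
    """Count connections per (address, service), ignoring the resolved name."""
    counts = Counter()
    for line in lines:
        rec = parse_inetd_line(line)
        if rec and (service is None or rec["service"] == service):
            counts[(rec["addr"], rec["service"])] += 1
    return counts

# Constructed sample: the first line is the one quoted in the message,
# the remaining lines are made up for illustration.
SAMPLE = [
    "Dec 29 09:37:43 P4-3679GHz inetd[4279]: connection from localhost(127.0.0.1), service telnet (tcp)",
    "Dec 29 09:40:02 P4-3679GHz inetd[4279]: connection from host.example.net(192.0.2.10), service telnet (tcp)",
    "Dec 29 09:41:15 P4-3679GHz inetd[4279]: connection from other.example.net(192.0.2.10), service telnet (tcp)",
    "Dec 29 09:42:00 P4-3679GHz login: a line from some other program",
]

if __name__ == "__main__":
    for (addr, svc), n in sorted(connections_by_address(SAMPLE).items()):
        print(f"{addr:15} {svc:8} {n}")
```

The two constructed lines with different names but the same address are counted together, which is the property the report asks for when it says DNS results are not a reliable audit key.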