On Sun, Feb 05, 2006 at 07:59:52PM +0100, Jan Danielsson wrote:
[..]
>    However, /var/log/authlog is getting rotated, but I can't figure
> where/how often, etc. If I would perform a query at a "bad time", I
> assume the log entry could have been archived. So I would like to find a
> more fail safe way to catch the "bad logins".

/etc/newsyslog.conf

Bernd