How about looking at /var/log/secure
I personaly run this as
#tail -f /var/log/secure > /mywebserver/root/secure &
then I monitor result from my web browser. This log will show you all services logins attempted whether it's telnet, ftp, mail...etc..and when tailing it, you will see it as it happens.
If you really wanna see every single traffic that come thru, try command #tcpdump you can do man on it for options.
But basically to look and find past stuff in linux, you have to check logs and they are usualy under /var/log/*
Hope this helped.
|