history of remote login

jonfa · 05-19-2001, 01:15 AM

I have set up telnet access to my linux box. How do I check to see the history (who, what, when) of who has accessed my machine? Is this possible?

Thanks.

nabil · 05-19-2001, 01:18 AM

try the command "last" or hit /var/log

jonfa · 05-19-2001, 01:23 AM

I tried the "last" command and it displays the user login only, that is for users physically at the machine. Where in the /var/ directory might I find this info?

nabil · 05-19-2001, 03:21 AM

How about looking at /var/log/secure
I personaly run this as
#tail -f /var/log/secure > /mywebserver/root/secure &

then I monitor result from my web browser. This log will show you all services logins attempted whether it's telnet, ftp, mail...etc..and when tailing it, you will see it as it happens.
If you really wanna see every single traffic that come thru, try command #tcpdump you can do man on it for options.
But basically to look and find past stuff in linux, you have to check logs and they are usualy under /var/log/*

Hope this helped.

miladamirzadeh · 12-02-2011, 01:32 AM

When I have some linuxly problems LQ is my place to find solutions.

ottavio · 12-02-2011, 06:23 AM

Quote:

Originally Posted by nabil

I personaly run this as
#tail -f /var/log/secure > /mywebserver/root/secure &

Are you sure it's not
tail -f /var/log/secure >> /mywebserver/root/secure &

Otherwise that will rewrite the file without appending on it.

Or can you not just make a symlink to /var/log/secure ?