Gentoo Archives: gentoo-amd64

From: Eric Bliss <eric@×××××××××××.net>
To: gentoo-amd64@l.g.o
Subject: Re: [gentoo-amd64] /var/log
Date: Wed, 21 Dec 2005 17:28:46
Message-Id: 200512210924.55534.eric@creativecow.net
In Reply to: [gentoo-amd64] /var/log by Gavin Seddon
On Wednesday 21 December 2005 04:32 am, Gavin Seddon wrote:
> Hi all, > I have been looking in '/var/log' for users logging on. The files and > directories in there are fastidiously organised (to say the least). > Better than usual UNIX distros. What is the best place to look for > logins/hacks. > Gavin.
Try looking at auth.log and wtmp. auth.log is a plaintext log of login attempts, and wtmp is a binary file that is used by the "who" command, and can also be accessed by the "last" command. -- Eric Bliss systems design and integration, CreativeCow.Net -- gentoo-amd64@g.o mailing list