Gentoo Archives: gentoo-amd64

From: Craig Webster <craig@××××××.net>
To: gentoo-amd64@l.g.o
Subject: Re: [gentoo-amd64] /var/log
Date: Wed, 21 Dec 2005 12:48:57
Message-Id: 77E75E7E-01DD-4C06-9CD0-D131F3B2B04A@xeriom.net
In Reply to: [gentoo-amd64] /var/log by Gavin Seddon
On 21 Dec 2005, at 12:32, Gavin Seddon wrote:
> I have been looking in '/var/log' for users logging on. The files and > directories in there are fastidiously organised (to say the least). > Better than usual UNIX distros. What is the best place to look for > logins/hacks.
Which syslog daemon do you use? How is it configured? I use metalog and I get password failure notices in /var/log/pwdfail/* You could also run lastlog |grep -v '**Never logged in**' to see when people last logged in. Yours, Craig -- Craig Webster | t: +44 (0)131 516 8595 | e: craig@××××××.net Xeriom.NET | f: +44 (0)709 287 1902 | w: http://xeriom.net -- gentoo-amd64@g.o mailing list

Replies

Subject Author
Re: [gentoo-amd64] /var/log Gavin Seddon <gavin.m.seddon@×××××××××××××.uk>