1 person found this helpful
The file is /var/log/message.
In /etc/ssh/sshd_config you can see that log go into "auth" facility.
But in /etc/syslog.conf there is a specific file for "auth" (that is different from "authpriv"), so the valid match is "*.info" -> /var/log/message
Thanks Andre for your prompt reply and for confirming that, much appreciated. I guess VMware should them amend the official documentation for the Deploy, Secure and Analyze training material. (see Module 8: slide 16.
Jose Maria Gonzalez,
VMware vExpert 2009
Co-autor del Libro VMware Site Recovery Manager 1.0 update1
If you find this or any other answer useful please consider awarding points by marking the answer helpful or correct.