Hi There,
I just wanted to confirm with you if ssh information is recorded onto /var/log/message or /var/log/secure.
According to VMware documentation ssh activity is recorded onto /var/log/secure but my environment shows the opposite. None ssh activity was recorded in /var/log/secure
Aug 16 11:25:14 esx1 sshd[2794]: Connection from 192.168.147.128 port 2725
Aug 16 11:25:20 esx1 sshd[2794]: Accepted password for root from 192.168.147.128 port 2725 ssh2
Aug 16 11:25:20 esx1 sshd(pam_unix)[2794]: session opened for user root by (uid=0)
Saludos,
Jose Maria Gonzalez,
-
http://www.JmGVirtualConsulting.com
http://www.josemariagonzalez.es
VMware vExpert 2009
Co-autor del Libro <a href="http://www.amazon.com/Administrando-VMware-Recovery-Manager-Actualizaci%C3%B3n/dp/B002AD5KUA/ref=sr_1_3?ie=UTF8&s=books&qid=1244230201&sr=8-3" target="_blank">VMware Site Recovery Manager 1.0 update1</a>
-
If you find this or any other answer useful please consider awarding points by marking the answer helpful or correct.
<a href="http://feedproxy.google.com/ElBlogDeVirtualizacionEnEspanol">!http://feedproxy.google.com/ElBlogDeVirtualizacionEnEspanol.2.gif!</a>
The file is /var/log/message.
In /etc/ssh/sshd_config you can see that log go into "auth" facility.
But in /etc/syslog.conf there is a specific file for "auth" (that is different from "authpriv"), so the valid match is "*.info" -> /var/log/message
Andre
Thanks Andre for your prompt reply and for confirming that, much appreciated. I guess VMware should them amend the official documentation for the Deploy, Secure and Analyze training material. (see Module 8: slide 16.
Saludos,
Jose Maria Gonzalez,
-
http://www.JmGVirtualConsulting.com
http://www.josemariagonzalez.es
VMware vExpert 2009
Co-autor del Libro <a href="http://www.amazon.com/Administrando-VMware-Recovery-Manager-Actualizaci%C3%B3n/dp/B002AD5KUA/ref=sr_1_3?ie=UTF8&s=books&qid=1244230201&sr=8-3" target="_blank">VMware Site Recovery Manager 1.0 update1</a>
-
If you find this or any other answer useful please consider awarding points by marking the answer helpful or correct.
<a href="http://feedproxy.google.com/ElBlogDeVirtualizacionEnEspanol">!http://feedproxy.google.com/ElBlogDeVirtualizacionEnEspanol.2.gif!</a>