Ok, I setup a test server with FreeBSd 6.2 installed Compiled the kernel to include auditd SAMBA3, NetAtalk, and SSH enabled Audit seems to log the ssh connections, but doesn't log the smb/cifs netatalk connections. I'd also like to monitor MySQl connections. Is there a way to do this? I went through the audit section of the handbook, but there is nothing specific. Thanks On Jan 15, 2008, at 11:18 AM, Robert Watson wrote: > > On Tue, 15 Jan 2008, Richard Bates wrote: > >> I know login failures are logged in /var/log/auth.log >> >> is there a way to log the login of users in this log say something >> like >> >> Jan 15 10:59:00 MyServer sshd[91869]: User bates authenticated >> from 172.18.1.139 >> Jan 15 10:59:00 MyServer sshd[91869]: User bates Disconnected from >> 172.18.1.139 > > The normal system lastlog, accessed via last(1), does this fairly > well. As you notch up the level of logging on sshd, it should also > be able to do that. However, I tend to use audit for the above type > of functionality, as the results are more parseable using tools > like auditreduce. There's a handbook chapter on how to configure > and use audit, should you be looking for something a bit more on > that scale of things. > > Robert N M Watson > Computer Laboratory > University of Cambridge >Received on Wed Jan 16 2008 - 18:01:00 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:26 UTC