Hi all, especially server peoples :)<div><br></div><div>I need to audit SSH sessions against a specific account. This account is used by a company that is connected to our network via a VPN. I need to know how many times, when and for how long, they login within a 30 day period.</div>
<div><br></div><div>The server is running CentOS. I've looked in the /var/log/audit/audit.log* files and I can see my logon attempts but none of theirs. This is assuming they have actually connected at some point. The log files are not easy for me to read....any idea where date and time is stored :) Is it in some strange Unix value of seconds since 1901? :)</div>
<div><br></div><div>Also how can I make sure our logs record 30 days worth of records. Or can I script something specifically to watch out for and record that account?</div><div><br></div><div>Thanks</div><div><br></div>
<div>See you all tomorrow</div><div><br></div><div>Colin</div>