[Klug-general] Auditing SSH login sessions

Colin McCarthy binarysignal at gmail.com
Fri May 27 11:11:12 UTC 2011


Hi all, especially server peoples :)

I need to audit SSH sessions against a specific account.   This account is
used by a company that is connected to our network via a VPN.  I need to
know how many times, when and for how long, they login within a 30 day
period.

The server is running CentOS. I've looked in the /var/log/audit/audit.log*
files and I can see my logon attempts but none of theirs.  This is assuming
they have actually connected at some point.  The log files are not easy for
me to read....any idea where date and time is stored :) Is it in some
strange Unix value of seconds since 1901? :)

Also how can I make sure our logs record 30 days worth of records.  Or can I
script something specifically to watch out for and record that account?

Thanks

See you all tomorrow

Colin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.lug.org.uk/pipermail/kent/attachments/20110527/835c46c8/attachment.htm>


More information about the Kent mailing list