[Klug-general] Auditing SSH login sessions
James Morris
jwm.art.net at gmail.com
Fri May 27 11:51:41 UTC 2011
On 27 May 2011 12:32, Alan at comm-tech <alan at communitytechnology.org.uk> wrote:
> last -a |grep accountname.
Last reads /var/log/wtmp by default, rather than /var/log/auth.log. I
only know this because when I tried using last, it omitted some user
logins and then looked in the man page to find out why.
Merely curiosity, but why does /var/log/wtmp omit some users?
James.
>
> You could use awk to extract columns in the result, and add up login time.
> Or just import output a spreadsheet ;)
>
> On 27/05/11 11:59, Colin McCarthy wrote:
>>
>> Hi all, especially server peoples :)
>>
>> I need to audit SSH sessions against a specific account. This account is
>> used by a company that is connected to our network via a VPN. I need to
>> know how many times, when and for how long, they login within a 30 day
>> period.
>>
>>
>
> _______________________________________________
> Kent mailing list
> Kent at mailman.lug.org.uk
> https://mailman.lug.org.uk/mailman/listinfo/kent
>
More information about the Kent
mailing list