command: show log authorization
shut be show authorization log but from time install 1.2.0-rc4 is not logging
I set in configuration facility authorization to debug and still logging nor work
var/log/auth.log is not is not changed.
command: show log authorization
shut be show authorization log but from time install 1.2.0-rc4 is not logging
I set in configuration facility authorization to debug and still logging nor work
var/log/auth.log is not is not changed.
Restricted Diffusion Commit | |
Restricted Diffusion Commit |
Hi @madkazas,
logins or failed logins are already logged in it's default configuration.
e.g.
set system syslog global facility all level 'info'
set system syslog global facility protocols level 'debug'
Successful login:
Nov 4 18:01:40 hostname sshd[2724]: Accepted password for vyos from 192.168.0.10 port 51600 ssh2
Nov 4 18:01:40 hostname sshd[2724]: pam_unix(sshd:session): session opened for user vyos by (uid=0)
Failed login (wrong password):
Nov 4 18:02:04 hostname sshd[2812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.0.10 user=vyos
Nov 4 18:02:06 hostname sshd[2812]: Failed password for vyos from 192.168.0.10 port 51602 ssh2
Nov 4 18:02:08 hostname sshd[2812]: Connection closed by 192.168.0.10 [preauth]
Please keep in mind, that all syslog messages got per default into /var/log/messages and can be picked up there.
You can also define your own destinations and it's logfile rotation (set system syslog file ... for instance), feel free to do that if you'd like to filter all logins into a separate file.
Can you please check that you see the login/failed logins in /var/log/messages?
thx
Hi
In /var/log/messages I see this messages (succes and faile login)
but command:
show log authorization
not read /var/log/messages - is read /var/log/auth.log
then command above never see any new messages
and maybe auth.loh should be deleted during building ... otherwise introduces misunderstanding
PS. Default configuration logrotate now have compress = off , is bug or shut be =on default ?
I see.
Compress was never enabled, because of the 'show log' command.
Theoretically, it could be done but I'm not sure if it is really needed due to it's short rotation lifetime.
For the auth log issue, I need to discuss this internally first, I recommend to create your own file with the command I mentioned above if you want to have it logged separately.
Let me know if you need help accomplishing that.
https://github.com/vyos/vyatta-op/commit/3f33e3d1ce4e4a8dbcbdabd96763c87dfa4e2cff
Uses now journalctl to display all og messages as well as separate auth/authpriv messages.