Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Secure-Shell
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Logging logins only?

from [Eddie Willett] Network Security [Permanent Link]
Subject: RE: Logging logins only?
Date: Tue, 9 Nov 2004 13:02:48 -0500 
One way that I have used in the past that doesn't require programming skills
is to use crystal reports to bring up those reports.  It should be pretty
simple to get what you want out with it.

Eddie

______________________________________________
Eddie Willett
System Administrator
PPD Development

-----Original Message-----
From: David Roman Esteban [mailto:droman@plcendesa.com] 
Sent: Tuesday, November 09, 2004 12:02 PM
To: Blair Steenerson
Cc: secureshell@securityfocus.com
Subject: Re: Logging logins only?

Blair Steenerson wrote:


Hi all.  I've been reading this list for a while, and have followed 
the discussion of the automated probes that have become pretty common 
against SSH servers.  Same deal here.

I have a couple boxes using SSH which log to a central syslog server.  
I want to be able to keep track of who and when people login to these 
boxes, but since my logs are now filled up with thousands of lines of 
login errors (illegal user, not in allow list, etc), its getting to be 
a pain to sort through the garbage to keep track of what I want (not 
to mention a major waste of paper on the syslogd printer)

What I want to do is log only successful logins, but not all the 
script kiddie's probing - I know they are there, I can deal with 
that.  None of INFO, ERROR, FATAL or QUIET does the job.  
Unfortunately my programming skills suck or I would dig in myself....

Maybe someone here has a suggestion short of that?  Or maybe I have 
missed some trick somewhere?

Thanks for your time, and keep up the good work.

Version is OpenSSH  3.8p1, not using PAM

Blair





unix comand: last


-- 
Un saludo
David Román Esteban
droman@plcendesa.com
(+34)669229194




______________________________________________________________________
This email transmission and any documents, files or previous email
messages attached to it may contain information that is confidential or
legally privileged. If you are not the intended recipient or a person
responsible for delivering this transmission to the intended recipient,
you are hereby notified that you must not read this transmission and
that any disclosure, copying, printing, distribution or use of this
transmission is strictly prohibited. If you have received this transmission
in error, please immediately notify the sender by telephone or return email
and delete the original transmission and its attachments without reading
or saving in any manner.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  SSH Not Working, David Sugar
Next by Date:  Do I have to generate the key on each client ?, Sabrina Lautier
Previous by Thread:  Re: Logging logins only?, David Roman Esteban
Next by Thread:  Re: Logging logins only? - ez, Alvin Oga
Indexes:  [Date] [Thread] [Top] [All Lists]