Линукс
Create an entry in /etc/rsyslog.conf that stores all authentication messages (authpriv) info level and higher into a file named /var/log/myauth. From one terminal, watch the file as data comes into it, and in another terminal, try to ssh into your local machine as any valid user, with a bad password.

Предыдущий
вопрос Следующий
вопрос

To create an entry in /etc/rsyslog.conf that stores all authentication messages (authpriv) info level and higher into a file named /var/log/myauth, you can add the following line to the file:

authpriv.* /var/log/myauth

After saving the changes, you will need to restart the rsyslog service for the changes to take effect. You can do this by running the following command:

sudo systemctl restart rsyslog

To watch the /var/log/myauth file for incoming data, you can use the following command in one terminal:

sudo tail -f /var/log/myauth

In another terminal, you can try to ssh into your local machine with a bad password by running the following command:

ssh username@localhost

Replace "username" with a valid user on your local machine. You will be prompted for a password, and if you enter the wrong password, the authentication message will be logged to /var/log/myauth, and you will see the log data in the first terminal where you are monitoring the file.