Linux
Create an entry in /etc/rsyslog.conf that stores all authentication messages (authpriv) info level and higher into a file named /var/log/myauth. From one terminal, watch the file as data comes into it, and in another terminal, try to ssh into your local machine as any valid user, with a bad password.
To create an entry in /etc/rsyslog.conf that stores all authentication messages (authpriv) info level and higher into a file named /var/log/myauth, you can add the following line to the file:
# authpriv facility, priority info and higher (".*" would also match debug)
authpriv.info /var/log/myauth
After saving the changes, you will need to restart the rsyslog service for the changes to take effect. You can do this by running the following command:
sudo systemctl restart rsyslog
To watch the /var/log/myauth file for incoming data, you can use the following command in one terminal:
sudo tail -f /var/log/myauth
In another terminal, you can try to ssh into your local machine with a bad password by running the following command:
ssh username@localhost
Replace "username" with a valid user on your local machine. You will be prompted for a password, and if you enter the wrong password, the authentication message will be logged to /var/log/myauth, and you will see the log data in the first terminal where you are monitoring the file.
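Once the failed logins are landing in /var/log/myauth, the same file can be summarised per user and source address. The following is an added example, not part of the original answer; the sample log lines are constructed and the function names `sample_log` and `failed_logins` are hypothetical.

```shell
#!/bin/sh
# Summarise failed SSH password attempts from an rsyslog authpriv file.

# Constructed sample lines in the traditional rsyslog file format.
sample_log() {
cat <<'EOF'
Mar  4 10:15:01 host1 sshd[2211]: Failed password for alice from 127.0.0.1 port 40112 ssh2
Mar  4 10:15:05 host1 sshd[2211]: Failed password for alice from 127.0.0.1 port 40112 ssh2
Mar  4 10:15:09 host1 sshd[2211]: Connection closed by authenticating user alice 127.0.0.1 port 40112 [preauth]
Mar  4 10:16:30 host1 sshd[2250]: Failed password for invalid user test from ::1 port 51844 ssh2
Mar  4 10:17:02 host1 sshd[2263]: Accepted password for alice from 127.0.0.1 port 40120 ssh2
Mar  4 10:17:02 host1 sshd[2263]: pam_unix(sshd:session): session opened for user alice by (uid=0)
Mar  4 10:18:44 host1 sudo:    alice : TTY=pts/1 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/tail -f /var/log/myauth
EOF
}

# failed_logins [FILE]: print "count user source" for each (user, source) pair,
# most frequent first. Reads FILE, or stdin when no file is given.
# Accounts that do not exist on the host are marked "(invalid)".
failed_logins() {
    awk '
    / sshd\[[0-9]+\]: Failed password for / {
        # Find the last "from" in the line: the user name is supplied by the
        # client, so only the trailing "from ADDR port N ssh2" is trustworthy.
        for (i = NF; i > 0; i--) if ($i == "from") break
        if (i < 4 || i >= NF) next
        user = $(i - 1)
        tag = ($(i - 3) == "invalid" && $(i - 2) == "user") ? "(invalid)" : ""
        count[user tag " " $(i + 1)]++
    }
    END { for (k in count) print count[k], k }
    ' "$@" | sort -k1,1nr -k2
}

# Demo on the constructed sample.
sample_log | failed_logins
```

To run it against the real file, call `failed_logins /var/log/myauth` as a user with read permission on that file.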