On Sat, May 22, 2010 at 01:47:20PM +0200, Martin Schulte wrote:
> On 09.04.2010 10:24, Martin Schulte wrote:
>> is there a way to find out which person logged in on which machine? I'm using Linux and Windows as clients. Can the clients-(auth)-Log-files be stored on tjener? The auth.log on tjener doesn't store information about the IP address or the hostname, only something like this
>>
>> ----
>> Apr 9 09:32:33 tjener smbd[4932]: pam_unix(samba:session): session opened for user ...
>> ----
>>
>> Regards, Martin
>
> Now I found a way how to store information about log-ins on tjener. I'm using syslog-ng. I wrote a little Howto in the wiki, you can find it here:
>
> english: http://wiki.debian.org/DebianEdu/HowTo/syslog-ng
> german: http://wiki.skolelinux.de/syslog-ng

As Petter says, rsyslog is the new default of Debian. Before rsyslogd emerged I would favor syslog-ng too, but no more. It supports filters too: http://www.rsyslog.com/doc-rsyslog_conf_filter.html

A more flexible approach (and also with more levels of security, making it more complex to set up) is to use Prelude. The log analyzer part (prelude-lml) by default tracks "remote logins" which may or may not catch the logins of Skolelinux users. But it can be tweaked very heavily - and extended to also centrally collect and analyze e.g. kernel warnings (audispd-plugins), filesystem integrity (samhain), firewall activities (nuauth) and network anomalies (snort, suricata), and present the result in a web interface (prewikka) or report through mail, SMS or in the X11 desktop status area of admin accounts (prelude-notify).

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136 Website: http://dr.jones.dk/

 [x] quote me freely [ ] ask before reusing [ ] keep private
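
The question that opens the thread (which person logged in on which machine) can be answered from the collected log once clients forward their auth messages to tjener. The following is an added example, not part of the thread or of the wiki HowTo: it assumes traditional-format syslog lines where the host field names the sending client, and the hostnames `ws01`/`ws02`, users and PIDs in the sample are constructed.

```python
import re
from collections import defaultdict

# Traditional syslog line: "Mon D HH:MM:SS host program[pid]: message"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<prog>[^\s\[:]+)(?:\[\d+\])?: (?P<msg>.*)$"
)
# pam_unix session message, in the form quoted in the thread
PAM_RE = re.compile(
    r"pam_unix\((?P<service>[^:)]+):session\): "
    r"session (?P<event>opened|closed) for user (?P<user>\S+)"
)

# Constructed sample of a central log on tjener (not real data)
SAMPLE = [
    "Apr  9 09:32:33 ws01 gdm[2101]: pam_unix(gdm:session): session opened for user alice by (uid=0)",
    "Apr  9 09:33:10 ws02 sshd[3120]: pam_unix(sshd:session): session opened for user bob by (uid=0)",
    "Apr  9 09:40:00 ws01 kernel: eth0: link up",
    "Apr  9 10:15:44 ws02 sshd[3120]: pam_unix(sshd:session): session closed for user bob",
]

def parse_logins(lines):
    """Return (timestamp, host, service, user, event) for each PAM session line."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.rstrip("\n"))
        if not m:
            continue  # not a traditional-format syslog line
        p = PAM_RE.search(m.group("msg"))
        if p:
            events.append((m.group("ts"), m.group("host"),
                           p.group("service"), p.group("user"), p.group("event")))
    return events

def open_sessions(events):
    """Map host -> {user: sessions opened but not yet closed}."""
    state = defaultdict(lambda: defaultdict(int))
    for _ts, host, _service, user, event in events:
        state[host][user] += 1 if event == "opened" else -1
    result = {}
    for host, users in state.items():
        active = {u: n for u, n in users.items() if n > 0}
        if active:
            result[host] = active
    return result

if __name__ == "__main__":
    for ev in parse_logins(SAMPLE):
        print("%s  host=%s service=%s user=%s %s" % ev)
    print("still logged in:", open_sessions(parse_logins(SAMPLE)))
```

For Samba sessions such as the line quoted above, the host field is tjener itself, so the client machine has to come from the client's own forwarded log rather than from the smbd message.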