1. syslog.conf configuration
# vi /etc/syslog.conf
#ident "@(#)syslog.conf 1.5 98/12/14 SMI" /* SunOS 5.0 */
#
# Copyright (c) 1991-1998 by Sun Microsystems, Inc.
# All rights reserved.
#
# syslog configuration file.
#
# This file is processed by m4 so be careful to quote (`') names
# that match m4 reserved words. Also, within ifdef's, arguments
# containing commas must be quoted.
#
*.err;kern.notice;auth.notice /dev/sysmsg
*.err;kern.debug;daemon.notice;mail.crit /var/adm/messages
*.alert;kern.err;daemon.err operator
*.alert root
*.emerg *
# if a non-loghost machine chooses to have authentication messages
# sent to the loghost machine, un-comment out the following line:
#auth.notice ifdef(`LOGHOST', /var/log/authlog, @loghost)
mail.debug ifdef(`LOGHOST', /var/log/syslog, @loghost)
#
# non-loghost machines will use the following lines to cause "user"
# log messages to be logged locally.
#
ifdef(`LOGHOST', ,
user.err /dev/sysmsg
user.err /var/adm/messages
user.alert `root, operator'
user.emerg *
)
# FJSVmadm : This is setting of the Machine Administration.
# FJSVmadm : Don't delete the following lines.
# FJSVmadm : Because the message cannot be observed.
*.err;kern.debug;daemon.notice /var/opt/FJSVmadm/evh/evh_pipe
#ssh log
auth.info /var/log/authlog
Add the entry auth.info (tab) /var/log/authlog; the selector and the log file are separated by a tab.
2. Check the facility and level in the /etc/ssh/sshd_config file
....
# Syslog facility and level
SyslogFacility auth
LogLevel info
Jul 20 10:06:39 test last message repeated 1 time
Jul 20 10:06:39 test sshd[3000]: [ID 800047 auth.notice] Failed keyboard-interactive for root from 192.168.21.89 port 59561 ssh2
Jul 20 10:06:40 test sshd[3000]: [ID 800047 auth.info] Keyboard-interactive (PAM) userauth failed[9] while authenticating: 인증 실패
Jul 20 10:06:40 test sshd[3000]: [ID 800047 auth.notice] Failed keyboard-interactive for root from 192.168.21.89 port 59561 ssh2
Jul 20 10:06:40 test sshd[3000]: [ID 800047 auth.info] Connection closed by 192.168.21.89
Jul 20 10:06:40 test last message repeated 1 time
Jul 20 10:08:27 test sshd[3036]: [ID 800047 auth.info] Keyboard-interactive (PAM) userauth failed[9] while authenticating: 인증 실패
Jul 20 10:08:35 test last message repeated 1 time
Jul 20 10:08:35 test sshd[3036]: [ID 800047 auth.notice] Failed keyboard-interactive for root from 192.168.21.89 port 59563 ssh2
Jul 20 10:08:45 test sshd[3036]: [ID 800047 auth.info] Accepted keyboard-interactive for root from 192.168.21.89 port 59563 ssh2
The log above shows both failed and successful logins.
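To review such an authlog in bulk, the following added example (not part of the original post) counts failed and accepted sshd logins per user and source address, including lines that syslogd collapsed into "last message repeated N time". The sample lines, addresses and the function name summarize are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the Solaris authlog format shown above
# (documentation-range addresses, not taken from the post).
SAMPLE = """\
Jul 20 10:06:39 test sshd[3000]: [ID 800047 auth.notice] Failed keyboard-interactive for root from 192.0.2.89 port 59561 ssh2
Jul 20 10:06:40 test last message repeated 1 time
Jul 20 10:06:41 test sshd[3000]: [ID 800047 auth.info] Connection closed by 192.0.2.89
Jul 20 10:08:35 test sshd[3036]: [ID 800047 auth.notice] Failed keyboard-interactive for root from 192.0.2.89 port 59563 ssh2
Jul 20 10:08:45 test sshd[3036]: [ID 800047 auth.info] Accepted keyboard-interactive for root from 192.0.2.89 port 59563 ssh2
Jul 20 10:09:02 test sshd[3040]: [ID 800047 auth.info] Accepted keyboard-interactive for admin from 198.51.100.7 port 40112 ssh2
"""

# "[ID msgid facility.level]" is the Solaris message tag; sshd's text follows.
# The optional "invalid user"/"illegal user" prefix is an assumption about
# other sshd builds; it does not appear in the post's log.
EVENT = re.compile(
    r"sshd\[\d+\]: \[ID \d+ auth\.\w+\] (Failed|Accepted) \S+ for "
    r"(?:invalid user |illegal user )?(\S+) from (\S+) port \d+")
REPEAT = re.compile(r"last message repeated (\d+) times?")


def summarize(text):
    """Return {(user, source): {"Failed": n, "Accepted": n, "after_failures": bool}}."""
    stats = defaultdict(
        lambda: {"Failed": 0, "Accepted": 0, "after_failures": False})
    last = None  # (key, result) when the previous message was a login event
    for line in text.splitlines():
        m = EVENT.search(line)
        if m:
            result, user, src = m.groups()
            key = (user, src)
            # A success that follows failures from the same source is worth a look.
            if result == "Accepted" and stats[key]["Failed"]:
                stats[key]["after_failures"] = True
            stats[key][result] += 1
            last = (key, result)
            continue
        r = REPEAT.search(line)
        if r:
            # syslogd collapsed identical lines: credit them to the previous event.
            if last:
                stats[last[0]][last[1]] += int(r.group(1))
            continue
        last = None  # any other message breaks the repeat chain
    return dict(stats)


if __name__ == "__main__":
    for (user, src), s in summarize(SAMPLE).items():
        print(user, src, s)
```

Without the repeat handling, the first failed attempt in the sample would be counted once instead of twice.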