标签:ssh
1、修改SSH程序
[root@server01 ~]# vim /etc/ssh/sshd_config
将SyslogFacility AUTHPRIV改为SyslogFacility local5
2、修改日志程序
[root@server01 ~]#Vim /etc/syslog.conf
添加如下两行:
# save sshd messages also to sshd.log
local5.* /data/log/sshd.log
3、重启sshd和syslog服务
然后你可以使用ssh来登录看看发现与sshd有关的信息都记录到了sshd.log中。不在是messages。
4、从server02尝试登陆server01
[root@server02 ~]# ssh server01
root@server01‘s password:
Last login: Mon Aug 28 01:53:43 2017 from server02
[root@server01 ~]# exit
logout
Connection to server01 closed.
[root@server02 ~]#
5、查看登陆日志
[root@server01 ~]# tail -f /data/log/sshd.log
Aug 28 01:56:30 server01 sshd[52123]: Accepted password for root from 192.168.112.141 port 54508 ssh2
Aug 28 01:56:45 server01 sshd[52123]: Received disconnect from 192.168.112.141: 11: disconnected by user
本文出自 “平平淡淡才是真” 博客,请务必保留此出处http://ucode.blog.51cto.com/10837891/1959897
标签:ssh
原文地址:http://ucode.blog.51cto.com/10837891/1959897
