1、修改SSH程序
[root@server01 ~]# vim /etc/ssh/sshd_config
将SyslogFacility AUTHPRIV改为SyslogFacility local5
2、修改日志程序
[root@server01 ~]#Vim /etc/syslog.conf
添加如下两行:
# save sshd messages also to sshd.log
local5.* /data/log/sshd.log
3、重启sshd和syslog服务
然后你可以使用ssh来登录看看发现与sshd有关的信息都记录到了sshd.log中。不在是messages。
4、从server02尝试登陆server01
[root@server02 ~]# ssh server01
root@server01's password:
Last login: Mon Aug 28 01:53:43 2017 from server02
[root@server01 ~]# exit
logout
Connection to server01 closed.
[root@server02 ~]#
5、查看登陆日志
[root@server01 ~]# tail -f /data/log/sshd.log
Aug 28 01:56:30 server01 sshd[52123]: Accepted password for root from 192.168.112.141 port 54508 ssh2
Aug 28 01:56:45 server01 sshd[52123]: Received disconnect from 192.168.112.141: 11: disconnected by user
本文转自027ryan 51CTO博客,原文链接:http://blog.51cto.com/ucode/1959897,如需转载请自行联系原作者
