Logging failed login attempts


Magueta
07-17-2002, 05:59 PM
Hi everyone,

Can anyone tell me if Red Hat Linux installs something that logs failed login attempts automatically, or if it's something that we have to set up manually? Either way, does anyone know which log has it? syslog.conf doesn't have anything that points me in the right direction; it tells me where the mail and network logs are but nothing about logins.
Any help?

Joe

lpahdoco
07-17-2002, 06:31 PM
/var/log/messages

I'm not sure what the default on/off switch is, but check the mans on initlog, syslog and logger.

posterboy
07-18-2002, 05:44 AM
Here's a handy one I use all the time. Make this executable, and put it in your path someplace.

#!/bin/bash
# Page through the authentication-related lines in the system log.
grep authent /var/log/messages | less

and the output looks like:

Jul 16 14:42:20 raymondjones PAM_pwdb[27228]: authentication failure; ray(uid=501) -> root for su service
Jul 16 15:50:32 raymondjones PAM_pwdb[14317]: authentication failure; (uid=0) -> christy for pop service
Jul 17 08:29:53 raymondjones PAM_pwdb[25954]: authentic

You can see I mistype my passwd occasionally. :)
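Building on the grep above, an added example (not part of any post in this thread) that tallies the failures per source, target account and service, so repeated failures against one account stand out. It assumes the PAM_pwdb line format quoted above; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/bash
# Added example: count PAM authentication failures per (source -> target, service).
# Assumes the PAM_pwdb line format quoted in the thread; function names are hypothetical.

# Constructed sample log lines (hostname and values are made up for the demo).
sample_log() {
    cat <<'EOF'
Jul 16 14:42:20 examplehost PAM_pwdb[27228]: authentication failure; ray(uid=501) -> root for su service
Jul 16 14:43:02 examplehost PAM_pwdb[27240]: authentication failure; ray(uid=501) -> root for su service
Jul 16 15:50:32 examplehost PAM_pwdb[14317]: authentication failure; (uid=0) -> christy for pop service
Jul 16 15:51:10 examplehost sendmail[14400]: starting daemon
Jul 17 08:29:53 examplehost PAM_pwdb[25954]: authentic
EOF
}

# Reads log files given as arguments, or stdin when none are given.
# stdout: "<count> <source> -> <target> <service>", highest count first.
# stderr: number of matching lines that were cut short or malformed.
summarize_auth_failures() {
    awk '
        /authentic/ {
            rest = $0
            # Keep only the text after the marker; no marker means a truncated line.
            if (!sub(/^.*authentication failure; */, "", rest)) { skipped++; next }
            n = split(rest, f, " ")
            # Expected fields: source "->" target "for" service "service"
            if (n < 6 || f[2] != "->" || f[4] != "for") { skipped++; next }
            count[f[1] " -> " f[3] " " f[5]]++
        }
        END {
            for (k in count) print count[k], k
            if (skipped) print skipped " line(s) skipped as unparsable" > "/dev/stderr"
        }
    ' "$@" | sort -k1,1nr -k2
}

# Demo on the constructed sample; on a real host pass /var/log/messages instead.
sample_log | summarize_auth_failures
```

Reading /var/log/messages normally requires root, so run the summary with the same privileges you would use for the grep.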