aureport does not log logins

aureport does not log logins

[Bo Phan]

[-- Attachment #1.1: Type: text/plain, Size: 567 bytes --]

OS: Suse 9.3
aureport version 1.6.2

I know it's something that I need to see but I've been struggling with this
project for so long. When I do aureport, logins (either successful or
failed) are not showed.
I watch the /var/log/audit/audit.log and it does not log any logins
attempts. Frankly, my audit.rules has the following
-w /var/log/faillog -p wa -k logins
-w /var/log/lastlog -p wa -k logins
 But I guess it only watches changes in these 2 logs.

Also, the /var/log/messages does show all login attempts if it points to
something. Thanks all for your help.
Bo

[-- Attachment #1.2: Type: text/html, Size: 617 bytes --]

[-- Attachment #2: Type: text/plain, Size: 0 bytes --]

Re: aureport does not log logins

[Steve Grubb]

On Wednesday 25 June 2008 11:28:10 Bo Phan wrote:
> I know it's something that I need to see but I've been struggling with this
> project for so long. When I do aureport, logins (either successful or
> failed) are not showed.

The login notifications come from patches to the login programs, so you cannot 
add rules to get this. The event type you are looking for is USER_LOGIN. If 
they are not in your logs, aureport cannot work since the data is missing.

-Steve