ssh log
I'm sure someone must have found a way to get over the problem I am facing. The only thing I want to do is to get the detailed log from the Ubuntu SSH server. After running the command "sudo sshd /var/log/auth.log" I can get a semi-detailed log like this:
-------
Mar 11 19:18:07 localhost sshd[10749]: Connection from 61.129.113.52 port 38531
Mar 11 19:18:08 localhost sshd[10749]: Invalid user test from 61.129.113.52
Mar 11 19:18:08 localhost sshd[10749]: error: Could not get shadow information for NOUSER
Mar 11 19:18:08 localhost sshd[10749]: Failed password for invalid user test from 61.129.113.52 port 38531 ssh2
Mar 11 19:18:09 localhost sshd[10751]: Connection from 61.129.113.52 port 38582
Mar 11 19:18:11 localhost sshd[10751]: Invalid user guest from 61.129.113.52
Mar 11 19:18:11 localhost sshd[10751]: error: Could not get shadow information for NOUSER
Mar 11 19:18:11 localhost sshd[10751]: Failed password for invalid user guest from 61.129.113.52 port 38582 ssh2
Mar 11 19:18:11 localhost sshd[10753]: Connection from 61.129.113.52 port 38635
Mar 11 19:18:13 localhost sshd[10753]: Invalid user admin from 61.129.113.52
-------
I'm sure most of the people running an SSH server are familiar with this kind of log. The problem is, when you want to send a complaint to the service provider about some of those unauthorized access attempts, all the ISP(s) want to obtain a detailed log that includes:
1. specific hosts from which the user was connected to
2. the time in GMT format at which the incident occurred
3. a short description of what was done
The command "sudo sshd /var/log/auth.log" provides pretty much everything most ISP(s) are looking for in a log file except the "host IP address" where the user was trying to connect or connected to.
So, my question is, is there a way to get a log that contains that specific information and looks like this:
"Mar 27 22:11:08 destination IP 123.123.123.123 PID[1010] Connection from 61.129.113.52 port 38635"
If there is no way of getting the log with that info, I'd like to know if there is any other option.
Thanks.
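
The report format requested above can be produced by post-processing auth.log, shown here as an added example that is not part of the original post. The function name `to_report`, the destination address 203.0.113.10 (a documentation address), the year and the UTC offset are all assumptions, because classic syslog timestamps carry neither a year nor a time zone.

```python
import re
from datetime import datetime, timezone, timedelta

# Constructed sample: four lines copied from the log excerpt in the question.
SAMPLE = """\
Mar 11 19:18:07 localhost sshd[10749]: Connection from 61.129.113.52 port 38531
Mar 11 19:18:08 localhost sshd[10749]: Invalid user test from 61.129.113.52
Mar 11 19:18:08 localhost sshd[10749]: error: Could not get shadow information for NOUSER
Mar 11 19:18:08 localhost sshd[10749]: Failed password for invalid user test from 61.129.113.52 port 38531 ssh2
"""

# "Mon DD HH:MM:SS host sshd[pid]: message"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
# Source address as sshd writes it: "... from <IPv4> ..."
SRC_RE = re.compile(r"\bfrom (?P<ip>\d{1,3}(?:\.\d{1,3}){3})\b")


def to_report(text, dest_ip, year, utc_offset_hours):
    """Rewrite sshd syslog lines with a GMT timestamp and the server's own IP.

    year and utc_offset_hours are supplied by the operator (assumptions);
    a fixed offset ignores daylight-saving changes inside the log.
    Lines that name no source address are skipped.
    """
    local = timezone(timedelta(hours=utc_offset_hours))
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m or not SRC_RE.search(m["msg"]):
            continue
        stamp = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        gmt = stamp.replace(tzinfo=local).astimezone(timezone.utc)
        rows.append(f"{gmt:%Y-%m-%d %H:%M:%S} GMT destination IP {dest_ip} "
                    f"PID[{m['pid']}] {m['msg']}")
    return rows


if __name__ == "__main__":
    # Placeholder values: server IP 203.0.113.10, year 2024, server clock at UTC-5.
    for row in to_report(SAMPLE, "203.0.113.10", 2024, -5):
        print(row)
```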