[arch-general] Missing auth.log
Jonathon Fernyhough
jonathon at manjaro.org
Fri Nov 16 01:04:02 UTC 2018
On 16/11/2018 00:43, Maxe wrote:
> Hi,
>
> One of our systems, running ARCH Linux, was compromised (a
> non-privileged account, fortunately). But, we could not find
> /var/log/auth.log or similar for investigation. Does the journal keep
> track of login attempts?
Yes.
journalctl allows access to the logs from sshd, `journalctl -u sshd`
Also,
https://classic.startpage.com/do/search?q=arch+auth.log
points to:
https://wiki.archlinux.org/index.php/systemd#Facility
which says:
> * Show auth.log equivalent by filtering on syslog facility:
>
> # journalctl SYSLOG_FACILITY=10
which is worth a go.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-general/attachments/20181116/23224db3/attachment.asc>
More information about the arch-general
mailing list