[syslog-ng] patterndb: collect login/logout samples

Anton Chuvakin anton at chuvakin.org
Tue Jul 13 21:47:17 CEST 2010


> My target at first is login/logout/login failure events. I'd start
> with a generic Linux installation and try to cover all applications that
> perform authentication.

Some logouts + session ended's too:

Jul 11 08:09:01 anton-linux CRON[24475]: pam_unix(cron:session): session closed for user root
Apr 28 03:34:36 esx1 sshd(pam_unix)[9032]: session closed for user anton

Just for fun:

VMWare ESX login success

Apr 27 01:01:12 esx1 /usr/lib/vmware/hostd/vmware-hostd[1479]: Accepted password for user root from 127.0.0.1

Will send more as I dig thru my archives...
-- 
Dr. Anton Chuvakin
Site: http://www.chuvakin.org
Blog: http://www.securitywarrior.org
LinkedIn: http://www.linkedin.com/in/chuvakin
Consulting: http://www.securitywarriorconsulting.com
Twitter: @anton_chuvakin
Google Voice: +1-510-771-7106
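
An added example, not part of the original message and not syslog-ng or patterndb code: a Python classifier run over the three samples above, showing that the two PAM lines carry the service name in different places (`sshd(pam_unix)[pid]` in the program tag versus `pam_unix(cron:session):` in the message). The `classify` function and its output field names are assumptions made for this example.

```python
import re

# Constructed from the samples in the message above, with the e-mail line wraps joined.
SAMPLES = [
    "Jul 11 08:09:01 anton-linux CRON[24475]: pam_unix(cron:session): session closed for user root",
    "Apr 28 03:34:36 esx1 sshd(pam_unix)[9032]: session closed for user anton",
    "Apr 27 01:01:12 esx1 /usr/lib/vmware/hostd/vmware-hostd[1479]: Accepted password for user root from 127.0.0.1",
]

# BSD syslog header: timestamp, host, program tag with optional "(module)" and "[pid]".
HEADER = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<prog>[^\s\[\(:]+)(?:\((?P<tagmod>[^)]+)\))?(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
# Some PAM lines put "module(service:type): " at the start of the message instead.
PAM_PREFIX = re.compile(r"^(?P<mod>pam_\w+)\((?P<svc>[^:)]+):(?P<type>\w+)\): ")
# Only the two message shapes present in the samples are covered.
EVENTS = [
    ("logout", re.compile(r"^session closed for user (?P<user>\S+)$")),
    ("login", re.compile(r"^Accepted (?P<method>\S+) for user (?P<user>\S+) from (?P<src>\S+)$")),
]

def classify(line):
    """Return a dict describing the auth event, or None if the line matches no rule."""
    h = HEADER.match(line)
    if not h:
        return None
    # Default service name: basename of the program tag (handles full paths).
    msg, service = h["msg"], h["prog"].rsplit("/", 1)[-1]
    pam = PAM_PREFIX.match(msg)
    if pam:
        # Strip the PAM prefix and take the service from it (e.g. "cron", not "CRON").
        msg, service = msg[pam.end():], pam["svc"]
    for event, rx in EVENTS:
        m = rx.match(msg)
        if m:
            return {"event": event, "host": h["host"], "service": service,
                    "pid": h["pid"], **m.groupdict()}
    return None

if __name__ == "__main__":
    for s in SAMPLES:
        print(classify(s))
```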

