solaris重启syslog 配置单独的认证日志

 

在/etc/syslog里面添加了下面一行：

auth.info           /var/log/secure        //记录认证信息

 

接下来就需要重新启动下syslog操作了

 

#svcadm restart system-log

 

#cat /var/log/secure

 

May 25 13:58:33 zhao-file sshd[893]: [ID 800047 auth.info] Accepted password for ckl from 180.168.81.54 port 53705 ssh2

May 25 13:59:45 zhao-file sshd[909]: [ID 800047 auth.info] Accepted publickey for ckl from 180.168.81.54 port 53706 ssh2

May 25 14:01:18 zhao-file sshd[938]: [ID 800047 auth.info] Did not receive identification string from 61.151.248.196

May 25 14:03:28 zhao-file sshd[911]: [ID 800047 auth.info] Received disconnect from 180.168.81.54: 0: 

May 25 14:03:32 zhao-file sshd[895]: [ID 800047 auth.info] Received disconnect from 180.168.81.54: 0: