Short one that I've been unable to find a decent answer for.
CentOS 5.10 server, trying to trawl through all the logs I can to see what IPs successfully accessed the server. I've been mucking about with /var/log/secure and /var/log/audit/audit.log.
Most interesting thing I found was from the /root/.bash_history, grepping through a few suspect directories and files for a specific IP but I want to be sure exactly what IPs have accessed the server via ssh.
TL;DR:
Does /var/log/secure log ssh successes or is there some other file on CentOS systems that does?
Best Answer
You're looking to grep for "Accepted", not something along the lines of "Success-".
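An added example, not part of the answer above: one way to turn the "Accepted" lines into a per-IP summary of successful logins. It assumes the usual syslog layout (`timestamp host sshd[pid]: Accepted <method> for <user> from <ip> port <n> ssh2`); the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# accepted_logins FILE... -> "count ip user method", one line per combination.
accepted_logins() {
    awk '
        # Match on field position rather than a bare grep: field 5 must be the
        # sshd process tag and field 6 the verdict, so a failed attempt whose
        # username happens to be "Accepted" is not counted as a success.
        $5 ~ /^sshd\[[0-9]+\]:$/ && $6 == "Accepted" && $8 == "for" && $10 == "from" {
            seen[$11 " " $9 " " $7]++
        }
        END { for (k in seen) print seen[k], k }
    ' "$@" | LC_ALL=C sort -k2,2 -k3,3
}

# accepted_ips FILE... -> unique source addresses of successful logins.
accepted_ips() {
    accepted_logins "$@" | awk '{ print $2 }' | LC_ALL=C sort -u
}

# Constructed sample lines using documentation address ranges.
sample_log=$(mktemp)
trap 'rm -f "$sample_log"' EXIT
cat > "$sample_log" <<'EOF'
Jan 12 03:14:07 web01 sshd[2345]: Accepted password for root from 198.51.100.23 port 40022 ssh2
Jan 12 03:14:07 web01 sshd[2345]: pam_unix(sshd:session): session opened for user root by (uid=0)
Jan 12 03:20:41 web01 sshd[2399]: Failed password for invalid user admin from 203.0.113.9 port 51811 ssh2
Jan 12 03:20:45 web01 sshd[2401]: Failed password for invalid user Accepted from 203.0.113.9 port 51813 ssh2
Jan 12 08:02:10 web01 sshd[3107]: Accepted publickey for deploy from 192.0.2.44 port 60210 ssh2
Jan 13 01:55:32 web01 sshd[4410]: Accepted password for root from 198.51.100.23 port 40371 ssh2
EOF

accepted_logins "$sample_log"
```

On the server itself, call `accepted_logins /var/log/secure*` so that any rotated copies of the log are included as well.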