Operating System - HP-UX

monitoring incorrect login ssh - sftp

yunardi
Frequent Advisor

Dear expert,

I have read and tried the script to capture incorrect login/ftp and su attempts from the thread
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=962197 (thanks to Mel Burslan for the script; however, there is an error in line 10 and line 20 needs some modification).

Now I want to modify it to capture correct/incorrect ssh and sftp logins. What should I grep for in the messages from syslog? For example:
Apr 19 10:44:30 genrep sshd[16511]: subsystem request for sftp
Apr 19 10:45:05 genrep sshd[16517]: error: PAM: Authentication failed for sysadm from mypc.com
Apr 19 10:45:07 genrep sshd[16517]: Failed keyboard-interactive/pam for sysadm from xxx.xxx.xxx.xxx port 1617 ssh2
Apr 19 10:45:11 genrep sshd[16517]: Accepted password for sysadm from xxx.xxx.xxx.xxx port 1617 ssh2
Apr 19 10:45:07 genrep sshd[16517]: error: PAM: Authentication failed for sysadm from mypc.com
Apr 19 10:45:13 genrep above message repeats 2 times
Apr 19 11:04:34 genrep sshd[17740]: error: PAM: Authentication failed for sysadm from mypc.com
Apr 19 11:04:36 genrep sshd[17740]: Failed keyboard-interactive/pam for sysadm from xxx.xxx.xxx.xxx port 1719 ssh2
Apr 19 11:04:37 genrep sshd[17740]: Failed password for sysadm from xxx.xxx.xxx.xxx port 1719 ssh2
Apr 19 11:04:36 genrep sshd[17740]: error: PAM: Authentication failed for sysadm from mypc.com
Apr 19 11:04:49 genrep above message repeats 2 times
Apr 19 11:04:49 genrep su: + 0 sysadm-root
Apr 19 11:04:39 genrep sshd[17740]: Failed password for sysadm from xxx.xxx.xxx.xxx port 1719 ssh2
Apr 19 11:05:01 genrep above message repeats 2 times
Apr 19 11:08:33 genrep sshd[18621]: Accepted keyboard-interactive/pam for sysadm from xxx.xxx.xxx.xxx port 1750 ssh2
Apr 19 11:09:32 genrep sshd[18830]: Accepted keyboard-interactive/pam for sysadm from xxx.xxx.xxx.xxx port 1797 ssh2
Apr 19 11:09:32 genrep sshd[18844]: subsystem request for sftp

What is the difference between an incorrect login for sftp and one for ssh?

Any idea?

Thanks a lot in advance,

EKO
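An added sh/awk example, not from the thread or from Mel Burslan's script, written the way it would be run on the HP-UX box: sshd logs an authentication failure identically whether the client is ssh or sftp, and the "subsystem request for sftp" line only appears after a successful login, so the script classifies Accepted/Failed lines per user, folds syslog's "above message repeats N times" into the preceding event, and counts sftp sessions separately. The sample is constructed from the lines quoted in the post plus one "invalid user" line that is not in the post.

```shell
#!/bin/sh
# Added example, not from the thread: classify OpenSSH sshd syslog lines into
# accepted/failed logins and sftp subsystem requests, folding syslog repeats in.
# Constructed sample: the lines quoted in the post plus one "invalid user" line.
sample_log() {
    cat <<'EOF'
Apr 19 10:44:30 genrep sshd[16511]: subsystem request for sftp
Apr 19 10:45:07 genrep sshd[16517]: Failed keyboard-interactive/pam for sysadm from xxx.xxx.xxx.xxx port 1617 ssh2
Apr 19 10:45:11 genrep sshd[16517]: Accepted password for sysadm from xxx.xxx.xxx.xxx port 1617 ssh2
Apr 19 10:45:07 genrep sshd[16517]: error: PAM: Authentication failed for sysadm from mypc.com
Apr 19 10:45:13 genrep above message repeats 2 times
Apr 19 11:04:39 genrep sshd[17740]: Failed password for sysadm from xxx.xxx.xxx.xxx port 1719 ssh2
Apr 19 11:05:01 genrep above message repeats 2 times
Apr 19 11:08:33 genrep sshd[18621]: Accepted keyboard-interactive/pam for sysadm from xxx.xxx.xxx.xxx port 1750 ssh2
Apr 19 11:09:32 genrep sshd[18844]: subsystem request for sftp
Apr 19 11:10:02 genrep sshd[18900]: Failed password for invalid user backup from xxx.xxx.xxx.xxx port 1802 ssh2
EOF
}

# Reads syslog text on stdin; prints "USER failed=N accepted=M" per user, then the sftp count.
summarize_sshd() {
    awk '
    function user_after_for(    i) {
        for (i = 1; i <= NF; i++) if ($i == "for") break
        if ($(i+1) == "invalid" && $(i+2) == "user") return $(i+3)   # unknown account
        return $(i+1)
    }
    # Authentication failure: ssh and sftp clients produce exactly the same line
    / sshd\[[0-9]+\]: Failed [^ ]+ for / { u = user_after_for(); failed[u]++; last = "failed"; lastuser = u; next }
    / sshd\[[0-9]+\]: Accepted [^ ]+ for / { u = user_after_for(); accepted[u]++; last = "accepted"; lastuser = u; next }
    # PAM logs the same failure a second time; counting it would double-count
    / sshd\[[0-9]+\]: error: PAM: Authentication failed for / { last = "pam"; next }
    # sftp is only visible after a successful login, as a subsystem request
    / sshd\[[0-9]+\]: subsystem request for sftp/ { sftp++; last = ""; next }
    # syslog compression: attribute the repeats to the previous event
    / above message repeats [0-9]+ time/ {
        for (i = 1; i <= NF; i++) if ($i == "repeats") n = $(i+1) + 0
        if (last == "failed") failed[lastuser] += n
        else if (last == "accepted") accepted[lastuser] += n
        next
    }
    { last = "" }
    END {
        for (u in failed) seen[u] = 1
        for (u in accepted) seen[u] = 1
        for (u in seen) printf "%s failed=%d accepted=%d\n", u, failed[u] + 0, accepted[u] + 0
        printf "sftp_sessions=%d\n", sftp + 0
    }'
}
sample_log | summarize_sshd
```

On a live system, feed it with `summarize_sshd < /var/adm/syslog/syslog.log` or from a `tail -f` pipe; a user whose failed count climbs while accepted stays at zero is the case worth alerting on.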