Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm |
List-Subscribe: | <mailto:cygwin-subscribe AT cygwin DOT com> |
List-Archive: | <http://sourceware.org/ml/cygwin/> |
List-Post: | <mailto:cygwin AT cygwin DOT com> |
List-Help: | <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs> |
Sender: | cygwin-owner AT cygwin DOT com |
Mail-Followup-To: | cygwin AT cygwin DOT com |
Delivered-To: | mailing list cygwin AT cygwin DOT com |
To: | cygwin AT cygwin DOT com |
From: | René Berber <rberber AT prodigy DOT net DOT mx> |
Subject: | Re: audit log's |
Date: | Wed, 09 Nov 2005 11:14:11 -0600 |
Lines: | 59 |
Message-ID: | <dktap2$lpt$1@sea.gmane.org> |
References: | <437089650fe0e5 DOT 43454388 AT sarenet DOT es> |
Mime-Version: | 1.0 |
User-Agent: | Mozilla Thunderbird 1.0.2 (Windows/20050317) |
In-Reply-To: | <437089650fe0e5.43454388@sarenet.es> |
OpenPGP: | url=ldap://keyserver.pgp.com |
X-IsSubscribed: | yes |
Claudia wrote:
> We want to know the audit logs with CYGWIN. We use the Windows 2000 audit, but
> we need more information. In the sshd.log we can't see anything. What we must do?

I'm not sure what the "Windows 2000 audit" is, so my answer might not be what you want, but...

Sshd (the daemon) logs by default on the Windows Event Application list, this can be changed in the configuration (/etc/sshd_config) so that it can log using syslog (a separate package not installed by default).

It also logs to wtmp, you can see who logged in and from where but entries are not distinguishable from telnet/ftp/or any other logins.

One example of failed login in the event log (very common when somebody tries to "break" into your computer) is (6 events):

The description for Event ID ( 0 ) in Source ( sshd ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: sshd : PID 2868 : Invalid user lidia from 61.129.117.112.

The description ... The following information is part of the event: sshd : PID 2996 : input_userauth_request: invalid user lidia.

The description ... The following information is part of the event: sshd : PID 2868 : Failed password for invalid user lidia from 61.129.117.112 port 43285 ssh2.

The description ... The following information is part of the event: sshd : PID 2996 : Failed password for invalid user lidia from 61.129.117.112 port 43285 ssh2.

The description ... The following information is part of the event: sshd : PID 2996 : Received disconnect from 61.129.117.112: 11: Bye Bye.

The description ... The following information is part of the event: sshd : PID 2868 : fatal: mm_request_receive: read: Software caused connection abort.
HTH
--
René Berber

--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
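
Added example (not part of René Berber's message, and not Cygwin or OpenSSH code): a small parser that pulls failed-password events out of the "sshd : PID n : ..." payload lines shown above and groups them by source address. It assumes the event text has already been exported to plain text with the "description cannot be found" wrapper removed; the function names are made up for this example.

```python
import re
from collections import defaultdict

# Payload lines as quoted in the message above (Event Viewer wrapper text
# already stripped; that export step is an assumption of this example).
SAMPLE = """\
sshd : PID 2868 : Invalid user lidia from 61.129.117.112.
sshd : PID 2996 : input_userauth_request: invalid user lidia.
sshd : PID 2868 : Failed password for invalid user lidia from 61.129.117.112 port 43285 ssh2.
sshd : PID 2996 : Failed password for invalid user lidia from 61.129.117.112 port 43285 ssh2.
sshd : PID 2996 : Received disconnect from 61.129.117.112: 11: Bye Bye.
sshd : PID 2868 : fatal: mm_request_receive: read: Software caused connection abort.
"""

EVENT = re.compile(r"^sshd : PID (?P<pid>\d+) : (?P<msg>.*)$")
FAILED = re.compile(
    r"^Failed password for (?P<invalid>invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port (?P<port>\d+)"
)

def failed_logins(text):
    """Return {source_ip: set of (user, source_port, is_invalid_user)}.

    Keying on (user, port) collapses the duplicate report that two sshd
    PIDs make for the same connection in the sample, so the count is of
    failed connections, not of event-log entries.
    """
    attempts = defaultdict(set)
    for line in text.splitlines():
        ev = EVENT.match(line.strip())
        if not ev:
            continue  # not an sshd payload line
        m = FAILED.match(ev.group("msg"))
        if m:
            attempts[m.group("ip")].add(
                (m.group("user"), int(m.group("port")), bool(m.group("invalid")))
            )
    return dict(attempts)

def sources_over(text, threshold):
    """Source IPs with at least `threshold` distinct failed connections."""
    hits = failed_logins(text)
    return sorted(ip for ip, seen in hits.items() if len(seen) >= threshold)

if __name__ == "__main__":
    for ip, seen in failed_logins(SAMPLE).items():
        print(ip, len(seen), sorted(seen))
```

The six events in the message reduce to one failed connection, because the "Failed password" line appears once under each of the two PIDs.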