[rsyslog-notify] Forum Thread: Re: Rsyslog doesn't log successful login attempts from a con - (Mode 'reply')
noreply at adiscon.com
Fri Feb 27 23:50:05 CET 2015
User: dlang
Forumlink: http://kb.monitorware.com/viewtopic.php?p=25284#p25284
Message:
----------
If the only rule in your config is the debug rule (double check that you
don't have any included configs), and you aren't seeing a successful login,
then the problem is that the system isn't delivering the logs to rsyslog.
RHEL 6.6 isn't using systemd, so it shouldn't be a journald issue (although
if systemd has been installed, that's what you need to check). So you need
to check the configuration of the login components. I would expect you to
see a bunch of pam log messages with any login, plus the message from the
component that is granting the access. The fact that it's not doing this
with a very simple config is scary. It makes me wonder if your machine has
been compromised, but I don't use RHEL myself, so it's possible that
there's a less dangerous explanation.
Can you post your full config file?