Open the /etc/rsyslog.conf file for syslog configuration in fedora Linux (some linux like CentOS has /etc/syslog.conf). It will show the something similar as given below:
| # Log all kernel messages to the console. |
| # Logging much else clutters up the screen. |
| #kern.* /dev/console |
| # Log anything (except mail) of level info or higher. |
| # Don’t log private authentication messages! |
| *.info;mail.none;authpriv.none;cron.none /var/log/messages |
| # The authpriv file has restricted access. |
| authpriv.* /var/log/secure |
| # Log all the mail messages in one place. |
| mail.* -/var/log/maillog |
| # Log cron stuff |
| cron.* /var/log/cron |
| # Everybody gets emergency messages |
| *.emerg * |
| # Save news errors of level crit and higher in a special file. |
| uucp,news.crit /var/log/spooler |
| # Save boot messages also to boot.log |
| local7.* /var/log/boot.log |
Add a new line in this file, as follows:
| # root will gets login failure messages on its terminal |
| authpriv.warning root |
You can also add multiple users with comma separated like
| # root will gets login failure messages on its terminal |
| authpriv.warning root,Rahul |
After doing the changes on syslog configuration file, restart the syslog service by following command.
| # service rsyslog start |
Now you can get the live information directly on your terminal, if someone trying to do a password attack.
Linux Explore 
Pingback: Configure syslog to print the Security violation alarm on user terminal (via Linux Explore) « Linux Explore
Pingback: Configure syslog to print the Security violation alarm on user terminal (via Linux Explore) | Linux Explore