Configure syslog to print the Security violation alarm on user terminal


Open the /etc/rsyslog.conf file for syslog configuration in fedora Linux (some linux like CentOS has /etc/syslog.conf). It will show the something similar as given below:

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console
# Log anything (except mail) of level info or higher.
# Don’t log private authentication messages!
*.info;mail.none;authpriv.none;cron.none                /var/log/messages
# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure
# Log all the mail messages in one place.
mail.*                                                  -/var/log/maillog
# Log cron stuff
cron.*                                                  /var/log/cron
# Everybody gets emergency messages
*.emerg                                                 *
# Save news errors of level crit and higher in a special file.
uucp,news.crit                                          /var/log/spooler
# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log

Add a new line in this file, as follows:

# root will gets login failure messages on its terminal
authpriv.warning                                        root

You can also add multiple users with comma separated like

# root will gets login failure messages on its terminal
authpriv.warning                                        root,Rahul

After doing the changes on syslog configuration file, restart the syslog service by following command.

# service rsyslog start

Now you can get the live information directly on your terminal, if someone trying to do a password attack.

Advertisements

2 thoughts on “Configure syslog to print the Security violation alarm on user terminal

  1. Pingback: Configure syslog to print the Security violation alarm on user terminal (via Linux Explore) « Linux Explore

  2. Pingback: Configure syslog to print the Security violation alarm on user terminal (via Linux Explore) | Linux Explore

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s