LinuxQuestions.org
Old 12-17-2004, 11:11 AM   #1
bujecas
Member
 
Registered: Oct 2004
Location: Portugal
Distribution: Debian, Slackware
Posts: 78

Rep: Reputation: 20
syslog and normal user logins


Hi,
I am monitoring the logs generated by syslogd to catch the logins. I've checked syslog.conf and the root logins go to the secure log. Now I need to catch the normal user logins. I can't find these in any log. I've also tried putting *.* /var/log/everything in syslog.conf to catch everything, but it can't catch the normal user logins.

Is there a way to do this?
Thanks.
 
Old 12-17-2004, 11:23 AM   #2
egag
Senior Member
 
Registered: Jul 2004
Location: Netherlands
Distribution: Slackware
Posts: 2,721

Rep: Reputation: 53
I think you should look in '/var/log/syslog'.
Mine are there, and it's the standard config for Slack 10.

egag

Last edited by egag; 12-17-2004 at 11:25 AM.
 
Old 12-17-2004, 11:24 AM   #3
tank728
Member
 
Registered: Sep 2003
Posts: 142

Rep: Reputation: 17
I like to add *.* to /etc/syslogd.conf also,
but mine looks like so:

*.* <6xtab> /dev/tty8

this way, when I am in console, I can just
switch over to tty8 and view my syslog.

-tank
 
Old 12-17-2004, 12:07 PM   #4
bujecas
Member
 
Registered: Oct 2004
Location: Portugal
Distribution: Debian, Slackware
Posts: 78

Original Poster
Rep: Reputation: 20
I've added *.* <six tabs> /dev/tty8 to /etc/syslog.conf and restarted the daemon, but it's still not showing the normal user logins. I've switched over to tty8 to check, but there was no normal user login message.
This error is shown too many times: modprobe: modprobe: Can't locate module char-major-10-134. I'm not sure, but I think the problem doesn't have to do with this error. I've searched the net and saw that this error is something related to cdrom...

Any ideas?
Thanks.
 
Old 12-17-2004, 12:15 PM   #5
egag
Senior Member
 
Registered: Jul 2004
Location: Netherlands
Distribution: Slackware
Posts: 2,721

Rep: Reputation: 53
Can you post your syslog.conf file?

egag
 
Old 12-17-2004, 12:20 PM   #6
bujecas
Member
 
Registered: Oct 2004
Location: Portugal
Distribution: Debian, Slackware
Posts: 78

Original Poster
Rep: Reputation: 20
Here's my syslog.conf :

# /etc/syslog.conf
# For info about the format of this file, see "man syslog.conf"
# and /usr/doc/sysklogd/README.linux. Note the '-' prefixing some
# of these entries; this omits syncing the file after every logging.
# In the event of a crash, some log information might be lost, so
# if this is a concern to you then you might want to remove the '-'.
# Be advised this will cause a performation loss if you're using
# programs that do heavy logging.

# Uncomment this to see kernel messages on the console.
#kern.* /dev/console

# Log anything 'info' or higher, but lower than 'warn'.
# Exclude authpriv, cron, mail, and news. These are logged elsewhere.
*.info;*.!warn;authpriv.none;\
cron.none;mail.none;news.none -/var/log/messages

# Log anything 'warn' or higher.
# Exclude authpriv, cron, mail, and news. These are logged elsewhere.
*.warn;\
authpriv.none;cron.none;mail.none;news.none -/var/log/syslog

# Debugging information is logged here.
*.=debug -/var/log/debug

# Private authentication message logging:
authpriv.* -/var/log/secure

# Cron related logs:
cron.* -/var/log/cron

# Mail related logs:
mail.* -/var/log/maillog

# Emergency level messages go to all users:
*.emerg *

# This log is for news and uucp errors:
uucp,news.crit -/var/log/spooler

# Uncomment these if you'd like INN to keep logs on everything.
# You won't need this if you don't run INN (the InterNetNews daemon).
#news.=crit -/var/log/news/news.crit
#news.=err -/var/log/news/news.err
#news.notice -/var/log/news/news.notice

*.* /dev/tty8

#### end of syslog.conf
 
Old 12-17-2004, 12:30 PM   #7
masand
LQ Guru
 
Registered: May 2003
Location: INDIA
Distribution: Ubuntu, Solaris,CentOS
Posts: 5,522

Rep: Reputation: 69
hi there

user logs go to the
/var/run/utmp
file

man utmp will help u more

regards
 
Old 12-20-2004, 08:48 AM   #8
bujecas
Member
 
Registered: Oct 2004
Location: Portugal
Distribution: Debian, Slackware
Posts: 78

Original Poster
Rep: Reputation: 20
But /var/run/utmp is not in plain text; I think it's generated by some program...
Doesn't the syslog daemon control this type of login?
 
Old 12-20-2004, 09:15 AM   #9
egag
Senior Member
 
Registered: Jul 2004
Location: Netherlands
Distribution: Slackware
Posts: 2,721

Rep: Reputation: 53
you can take a look at it with :

#dump-utmp -n 20 /var/run/utmp
or
#dump-utmp -n 20 /var/log/wtmp
but I don't think it's what you're looking for...
(see also the man pages)

btw: the logs I saw in the syslog were all su-to-root logs (which is the first thing I do after logging in...)

egag
 
Old 12-20-2004, 11:18 AM   #10
masand
LQ Guru
 
Registered: May 2003
Location: INDIA
Distribution: Ubuntu, Solaris,CentOS
Posts: 5,522

Rep: Reputation: 69
Quote:
Originally posted by bujecas
But /var/run/utmp is not in plain text; I think it's generated by some program...
Doesn't the syslog daemon control this type of login?
that's what I told u
have a look at man utmp for more info
u need to write a C program for ur utmp file
the same way as "w" and "who" do

I have been involved in that kind of project
have a look at my link below, it has the code for the C program also

regards
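
The approach described in the replies above (reading the binary utmp/wtmp records directly, as `w` and `who` do), as an added example that is not code from the thread or from the project masand links to. It assumes glibc on Linux; `list_logins`, `write_sample`, `put_record` and the sample file name are hypothetical, and the records it writes are constructed sample data.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>
#include <utmp.h>

/* Print each USER_PROCESS record (an interactive login) in `path` as one text
 * line on `out`; return the number of logins found, or -1 if open fails. */
int list_logins(const char *path, FILE *out) {
    struct utmp u;
    int n = 0;
    FILE *f = fopen(path, "rb");
    if (!f) return -1;
    while (fread(&u, sizeof u, 1, f) == 1) {
        char when[32];
        time_t t = u.ut_tv.tv_sec;
        if (u.ut_type != USER_PROCESS) continue;   /* skip boot, logout, ... */
        strftime(when, sizeof when, "%Y-%m-%dT%H:%M:%SZ", gmtime(&t));
        /* ut_user/ut_line/ut_host need not be NUL-terminated: bound every %s */
        fprintf(out, "%s login user=%.*s line=%.*s host=%.*s\n", when, (int)sizeof u.ut_user,
                u.ut_user, (int)sizeof u.ut_line, u.ut_line, (int)sizeof u.ut_host, u.ut_host);
        n++;
    }
    fclose(f);
    return n;
}

/* Append one constructed record (made-up sample data, not a real login). */
static void put_record(FILE *f, short type, const char *user, const char *line, long ts) {
    struct utmp u = { .ut_type = type };           /* remaining fields zeroed */
    u.ut_tv.tv_sec = ts;
    strncpy(u.ut_user, user, sizeof u.ut_user);
    strncpy(u.ut_line, line, sizeof u.ut_line);
    fwrite(&u, sizeof u, 1, f);
}

/* Write a constructed wtmp-style file: one boot, two logins, one logout. */
int write_sample(const char *path) {
    FILE *f = fopen(path, "wb");
    if (!f) return -1;
    put_record(f, BOOT_TIME, "reboot", "~", 1103299000L);
    put_record(f, USER_PROCESS, "alice", "tty1", 1103299860L);
    put_record(f, USER_PROCESS, "bob", "pts/0", 1103299900L);
    put_record(f, DEAD_PROCESS, "", "tty1", 1103300400L);
    return fclose(f);
}

int main(void) {
    return write_sample("sample.wtmp") || list_logins("sample.wtmp", stdout) < 0;
}
```

To read real data, pass `/var/run/utmp` or `/var/log/wtmp` (the paths named in the thread) to `list_logins` instead of the sample file.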
 
All times are GMT -5.