Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

Finding SSHD logs and log filtering

So through the stuff i read the logs are suppose to bein /var/log/secure but i havent found anything like that in fedora 21 which im assuming is because of the systemd change which in that case you would use journalctl _COMM=sshd or journalctl _SYSTEMD_UNIT=sshd.service if there is another service running in parallel?

Well my question is how do i filter out this even more like the entries listed after [14377]: like input_userauth or a user here is a example: Jan 30 15:48:30 localhost.localdomain sshd[14377]: input_userauth_request: invalid user admin [preauth]