→ Applies to: SynetoOS 4.x
All commands in this article are intended to be executed via SynetoOS CLI.
Tracking Logins
List all logins
less /var/log/secure.logIMPORTANT
You can check for older files (e.g. "secure.log.0", "secure.log.N") and access them.
EXAMPLEMar 3 03:12:00 Syn02 sudo: admin : PWD=/var/storage/admin ; USER=root ; COMMAND=/usr/bin/svcs -H -o FMRI *auto-snapshot:*-* Mar 3 03:12:00 Syn02 sudo: admin : PWD=/var/storage/admin ; USER=root ; COMMAND=/usr/sbin/svccfg -s svc:/system/filesystem/zfs/auto-snapshot:daily-Hybrid--datastores--data listprop zfs/current-snapshot-progress Mar 3 03:12:00 Syn02 sudo: admin : PWD=/var/storage/admin ; USER=root ; COMMAND=/usr/sbin/svccfg -s svc:/system/filesystem/zfs/auto-snapshot:daily-Hybrid--datastores--data listprop zfs/current-snapshot-state Mar 3 03:12:00 Syn02 sudo: admin : PWD=/var/storage/admin ; USER=root ; COMMAND=/usr/sbin/svccfg -s svc:/system/filesystem/zfs/auto-snapshot:weekly-Hybrid--datastores--
List all ssh logins (replace <user> with the correct information)
less /var/log/secure.log | grep "Accepted keyboard-interactive/pam for <user>"IMPORTANT
You can check for older files (e.g. "secure.log.0", "secure.log.N") and access them.
EXAMPLEless /var/log/secure.log | grep "Accepted keyboard-interactive/pam for admin"
Feb 20 12:41:13 synos3 sshd[2412980]: Accepted keyboard-interactive/pam for admin from 10.10.1.2 port 59262 ssh2 Feb 20 12:59:02 synos3 sshd[5855]: Accepted keyboard-interactive/pam for admin from 10.10.1.2 port 60703 ssh2 Feb 25 22:52:33 synos3 sshd[2742487]: Accepted keyboard-interactive/pam for admin from 10.10.1.2 port 63399 ssh2 Feb 26 11:53:34 synos3 sshd[174700]: Accepted keyboard-interactive/pam for admin from 10.10.1.2 port 57492 ssh2 Feb 27 16:38:41 synos3 sshd[3479012]: Accepted keyboard-interactive/pam for admin from 10.10.1.2 port 64198 ssh2