→ Applies to: SynetoOS 6.x
All commands in this article are intended to be executed via SynetoOS CLI.
Tracking Logins
List all logins
less /var/log/secureEXAMPLE
Mar 5 09:24:01 Syneto01 sudo[76529]: root : PWD=/root ; USER=root ; COMMAND=/bin/hostname -I Mar 5 09:24:01 Syneto01 sudo[76529]: pam_unix(sudo:session): session opened for user root by (uid=0) Mar 5 09:24:01 Syneto01 sudo[76529]: pam_unix(sudo:session): session closed for user root Mar 5 09:24:20 Syneto01 sudo[76797]: root : PWD=/usr/share/syneto-diana ; USER=root ; COMMAND=/bin/nmcli connection Mar 5 09:24:21 Syneto01 sudo[76797]: pam_unix(sudo:session): session opened for user root by (uid=0)
List all ssh logins (replace <user> with the correct information)
less /var/log/secure | grep "Accepted keyboard-interactive/pam for <user>"EXAMPLE
less /var/log/secure | grep "Accepted keyboard-interactive/pam for admin"
EXAMPLE OUTPUTFeb 20 12:41:13 synos3 sshd[2412980]: Accepted keyboard-interactive/pam for admin from 10.10.1.2 port 59262 ssh2 Feb 20 12:59:02 synos3 sshd[5855]: Accepted keyboard-interactive/pam for admin from 10.10.1.2 port 60703 ssh2 Feb 25 22:52:33 synos3 sshd[2742487]: Accepted keyboard-interactive/pam for admin from 10.10.1.2 port 63399 ssh2 Feb 26 11:53:34 synos3 sshd[174700]: Accepted keyboard-interactive/pam for admin from 10.10.1.2 port 57492 ssh2 Feb 27 16:38:41 synos3 sshd[3479012]: Accepted keyboard-interactive/pam for admin from 10.10.1.2 port 64198 ssh2