Hi,
On Thu, 15 Nov 2018, Leonid Isaev via arch-general wrote:
If you want authpriv messages, then run "journalctl
SYSLOG_FACILITY=10". See
https://en.wikipedia.org/wiki/Syslog#Facility for mapping between
numerical and mnemonic facility IDs. Oh, and do install syslog-ng :)
On Fri, 16 Nov 20
On 16/11/2018 00:43, Maxe wrote:
> Hi,
>
> One of our systems, running ARCH Linux, was compromised (a
> non-privileged account, fortunately). But, we could not find
> /var/log/auth.log or similar for investigation. Does the journal keep
> track of login attempts?
Yes.
journalctl allows access to
On Fri, Nov 16, 2018 at 01:43:17AM +0100, Maxe wrote:
> Hi,
>
> One of our systems, running ARCH Linux, was compromised (a non-privileged
> account, fortunately). But, we could not find /var/log/auth.log or similar
> for investigation. Does the journal keep track of login attempts? It seems
> that
Hi,
One of our systems, running ARCH Linux, was compromised (a
non-privileged account, fortunately). But, we could not find
/var/log/auth.log or similar for investigation. Does the journal keep
track of login attempts? It seems that ARCH does not run [r]syslogd.
Best regards,
Maxe
kaa...@nut
4 matches
Mail list logo
