SMI User and Audit Tracking Commands
This section provides the list of user and audit tracking commands used in SMI.
User Tracking Commands
The following commands are used for user tracking in SMI.
Command | Description |
---|---|
`last -F` | Displays the list of users logged in during the last session, along with information such as the date and time of the last login. |
`last reboot` | Displays the number of times the system was rebooted. |
`lastb` | Displays the list of bad login attempts recorded in the /var/log/btmp file. |
`lastlog` | Displays each user's last login information (login name, port, and last login time) recorded in the /var/log/lastlog file. |
Audit Tracking Commands
The following commands are used for audit tracking in SMI.
Command | Description |
---|---|
`sudo aureport -au -i \| more` | Displays a summary report of the audit daemon logs. |
`sudo cat /var/log/auth.log \| grep "Failed password"` | Displays a list of failed SSH login attempts. |
`sudo journalctl _SYSTEMD_UNIT=ssh.service \| egrep "Failed\|Failure"` | Displays a list of all the failed login attempts. |
`sudo journalctl -q _TRANSPORT=audit` | Displays audit logs for SSH, SFTP and SCP. |
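
The `Failed password` check from the table above, extended into a per-source summary. This is an added example, not part of the SMI documentation: the function names, host name and sample log lines are constructed, and it assumes the standard OpenSSH `Failed password for ... from IP port N ssh2` line format in /var/log/auth.log.

```shell
#!/bin/sh
# Constructed sample in /var/log/auth.log format (documentation-range IPs).
sample_auth_log() {
cat <<'EOF'
Mar  3 10:15:01 smi-host sshd[1234]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Mar  3 10:15:04 smi-host sshd[1234]: Failed password for root from 203.0.113.7 port 51235 ssh2
Mar  3 10:15:09 smi-host sshd[1234]: message repeated 2 times: [ Failed password for root from 203.0.113.7 port 51235 ssh2]
Mar  3 10:16:40 smi-host sshd[1301]: Accepted password for cloud-user from 198.51.100.20 port 40022 ssh2
Mar  3 10:17:02 smi-host sshd[1310]: Failed password for cloud-user from 198.51.100.20 port 40030 ssh2
EOF
}

# Reads auth.log lines on stdin; prints "count source_ip user" per pair,
# highest count first.
summarize_failed_ssh() {
  awk '
    /Failed password for/ {
      n = 1
      for (i = 1; i <= NF; i++) {
        # rsyslog collapses duplicates: "message repeated N times: [ ...]"
        if ($i == "repeated" && $(i+2) ~ /^times/) n = $(i+1)
        if ($i == "for" && $(i-1) == "password")
          user = ($(i+1) == "invalid" && $(i+2) == "user") ? $(i+3) : $(i+1)
      }
      # The username is client-supplied, so take the IP by its position
      # from the end of the line ("from IP port N ssh2").
      ip = $(NF-3)
      count[ip " " user] += n
    }
    END { for (k in count) print count[k], k }
  ' | LC_ALL=C sort -k1,1nr -k2,3
}

# Prints "source_ip total" for sources whose failures reach threshold $1.
noisy_sources() {
  summarize_failed_ssh | awk -v t="$1" '
    { total[$2] += $1 }
    END { for (ip in total) if (total[ip] + 0 >= t + 0) print ip, total[ip] }
  ' | LC_ALL=C sort
}

sample_auth_log | summarize_failed_ssh
```

On a live host, feed it the real log instead of the sample: `sudo cat /var/log/auth.log | summarize_failed_ssh`.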