Log File Locations

File Transfer Audit Logs

If you have enabled file transfer auditing, logs are created by default in /etc/ssh2/logs. You can configure a non-default location using AuditLog.Directory.

Login Information

The output location for login information is platform-dependent. For details refer to the following table.

| Platform | Login history | Current login | Failed login |
| --- | --- | --- | --- |
| HPUX (11.11) | /var/adm/wtmp | /etc/utmp | /var/adm/btmp |
| HPUX (11.23, 11.31) | /var/adm/wtmps | /etc/utmpx | /var/adm/btmps |
| AIX | /var/adm/wtmp, /etc/security/lastlog | /etc/utmp | /etc/security/failedlogin, /etc/security/lastlog |
| Solaris | /var/adm/wtmpx | /var/adm/utmpx | /var/adm/loginlog |
| RHEL | /var/log/lastlog, /var/log/wtmp | /var/run/utmp | /var/log/btmp |
| SLES | /var/log/wtmp | /var/run/utmp | /var/log/btmp |

Notes:

  • Some platforms write to more than one file.
  • On some Linux systems, btmp is not present. The server writes to this database if it is present.

The output for sshd and sftp-server messages is affected by both Reflection for Secure IT configuration and syslogd configuration. For example, the following entry in /etc/syslog.conf configures a facility called local6 and sends output from that facility to /var/adm/rsit_log.

local6.info /var/adm/rsit_log

Note: The syntax shown above requires a tab between the two entries.

To configure Reflection for Secure IT to send sshd messages to the local6 facility, include the following line in the server configuration file (/etc/ssh2/sshd2_config).

SysLogFacility local6
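
A mismatch between the two files, or a space where syslogd expects a tab, means the sshd messages never reach the log file. The following check is an added example, not part of the product or its documentation; the helper names sshd_facility and syslog_route are hypothetical, and the sample files are constructed.

```shell
#!/bin/sh
# Added example (not vendor code): confirm that the facility chosen with
# SysLogFacility in sshd2_config is routed by syslog.conf, and that the
# routing line separates selector and destination with tabs.

# Print the facility from the first uncommented SysLogFacility line.
# Assumption: the keyword is matched case-insensitively.
sshd_facility() {
    awk 'tolower($1) == "syslogfacility" { print tolower($2); exit }' "$1"
}

# For facility $1 and syslog.conf file $2, print one of:
#   "ok <destination>"      selector and destination separated by tabs only
#   "spaces <destination>"  a space appears in the separator
#   "missing"               no uncommented line selects the facility
syslog_route() {
    awk -v fac="$1" '
        /^[ \t]*#/ || NF < 2 { next }
        {
            n = split($1, sel, ";")          # "a.info;b.err" style selectors
            for (i = 1; i <= n; i++) {
                split(sel[i], part, ".")
                if (tolower(part[1]) != fac || part[2] == "none") continue
                status = ($0 ~ /^[^ \t]+\t+[^ \t]/) ? "ok" : "spaces"
                print status, $2
                found = 1
                exit
            }
        }
        END { if (!found) print "missing" }
    ' "$2"
}

# Constructed sample files; on a real host pass /etc/ssh2/sshd2_config and
# /etc/syslog.conf to the two functions instead.
demo() {
    dir=$(mktemp -d) || return 1
    printf 'SysLogFacility local6\n' > "$dir/sshd2_config"
    printf 'local6.info\t/var/adm/rsit_log\n' > "$dir/syslog.conf"
    fac=$(sshd_facility "$dir/sshd2_config")
    echo "$fac: $(syslog_route "$fac" "$dir/syslog.conf")"
    rm -rf "$dir"
}
demo
```

A result of "spaces" or "missing" indicates that sshd and sftp-server messages for that facility are not being written where the audit trail is expected.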