Ssh access logs

yumibad86 · January 26, 2023, 6:59pm

I would like to know how do I get ssh access logs on linux servers that contain ip and hostname. In my logs, only the ip appears, but I would like to get the ip and hostname.

ramindia · January 26, 2023, 10:43pm

how is your log looks like ?

yumibad86 · January 27, 2023, 12:08pm

By the secure and audit log, only the ip, user. I would like the host of the client machine to appear.

/var/log/secure
Accepted password for user from xxx.xxx.xxx.xxx port xxxx

/var/log/audit/audit.log
exe=“/usr/sbin/sshd” hostname=? addr=xxx.xxx.xxx.xxx terminal=? res=success’

tmacgbay · January 27, 2023, 6:25pm

Thatseems like more of a Linux question… Are you picking up those logs with Graylog? If so you could set up a DNS Lookup table in Graylog and find the hostname from the IP and add it in as a separate field.

system · February 10, 2023, 6:25pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logs SSH Graylog Graylog Central (peer support)	5	5020	June 22, 2017
Graylog Research Graylog Central (peer support)	3	582	March 27, 2018
Graylog extractors Pfsense Graylog Central (peer support)	2	344	September 30, 2021
Source doesn't always show host or IP Graylog Central (peer support)	7	1261	December 6, 2021
Source coming in as IP address and not resolved DNS name Graylog Central (peer support)	15	6256	April 22, 2019

Ssh access logs

Related Topics