Ssh access logs

I would like to know how do I get ssh access logs on linux servers that contain ip and hostname. In my logs, only the ip appears, but I would like to get the ip and hostname.

how is your log looks like ?

1 Like

By the secure and audit log, only the ip, user. I would like the host of the client machine to appear.

Accepted password for user from port xxxx

exe=“/usr/sbin/sshd” hostname=? terminal=? res=success’

Thatseems like more of a Linux question… Are you picking up those logs with Graylog? If so you could set up a DNS Lookup table in Graylog and find the hostname from the IP and add it in as a separate field.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.