I would like to know how to get SSH access logs on Linux servers that contain the IP and hostname. In my logs, only the IP appears, but I would like to get the IP and hostname.
What does your log look like?
In the secure and audit logs, only the IP and user appear. I would like the host of the client machine to appear.
/var/log/secure
Accepted password for user from xxx.xxx.xxx.xxx port xxxx
/var/log/audit/audit.log
exe="/usr/sbin/sshd" hostname=? addr=xxx.xxx.xxx.xxx terminal=? res=success'
That seems like more of a Linux question… Are you picking up those logs with Graylog? If so you could set up a DNS Lookup table in Graylog and find the hostname from the IP and add it in as a separate field.
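The IP-to-hostname enrichment suggested in the reply above, as an added example that is not part of the original thread and is not Graylog's own code: it parses the sshd line format quoted from /var/log/secure, adds the client hostname as a separate field, and marks the name as verified only when it resolves back to the same IP, since the PTR record is set by whoever controls the address block. The function names, field names and sample lines are assumptions constructed for illustration.

```python
import re
import socket

# Matches the sshd line format shown in the thread (/var/log/secure).
ACCEPTED = re.compile(
    r"Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<ip>\S+) port (?P<port>\d+)"
)

def system_ptr(ip):
    """Reverse (PTR) lookup via the system resolver; None if there is no record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_forward(name):
    """Forward lookup: every address the name resolves to."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def enrich(lines, ptr=system_ptr, forward=system_forward):
    """Yield one dict per accepted login with the client hostname added.

    The hostname is marked verified only if it resolves back to the same IP
    (forward-confirmed reverse DNS); results are cached per IP.
    """
    cache = {}
    for line in lines:
        m = ACCEPTED.search(line)
        if not m:
            continue
        ip = m["ip"]
        if ip not in cache:
            name = ptr(ip)
            cache[ip] = (name, bool(name) and ip in forward(name))
        event = m.groupdict()
        event["hostname"], event["hostname_verified"] = cache[ip]
        yield event

# Constructed sample input (documentation address ranges, not real logs).
SAMPLE = [
    "Jan 10 09:15:02 srv1 sshd[2211]: Accepted password for alice from 192.0.2.10 port 51514 ssh2",
    "Jan 10 09:16:40 srv1 sshd[2230]: Failed password for bob from 198.51.100.7 port 40022 ssh2",
    "Jan 10 09:17:11 srv1 sshd[2244]: Accepted publickey for carol from 198.51.100.7 port 40030 ssh2",
]
```

Calling `enrich(open("/var/log/secure"))` uses the system resolver; pass your own `ptr` and `forward` callables to query an internal DNS server or a static inventory instead.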