Logging SSH connection attempts

I’m looking after the logs for login attempts, particularly failed attempts, as a way to monitor attacks to the NAS drive.

Typically in Linux system, login attempts can be found under /var/log/auth.log. However I could not find any clues under /var/log. I did find this old post with some instructions on how to turn on logging:

To enable logging I had to do two simple things:

  1. Add the following line in sshd_config: LogLevel VERBOSE (there is an important config already present in this file → SyslogFacility AUTHPRIV)
  2. Uncomment the following line in /usr/local/config/syslog.conf (this file gets copied over to /etc/syslog.conf at boot time): auth,authpriv.* /var/log/auth.log

This seems logic. The changes to syslog.conf did persist after reboot. However the changes to sshd_config were overwritten after the last update.

As a result, still no auth.log under /var/log and hence no logs of failed break-in attempts :frowning:

So, anyone did manage to successfully log login attempts somehow?

Hi @haphaeu,

Please refer to the article Access Denied when SSH Login to a My Cloud: