Log of invalid user name login attempts

[Stinney]

I found information on how to log invalid login attempts in telnet.

I did some testing with invalid passwords through telnet and it worked great. However, if I use an invalid user name, it doesn't report the user name entered.

I'd love to have this information as I'm in a constant struggle with local support who swears that users are not using their LAN ID (which is not the ID they should be using) when logging into this system.

Any help is greatly appreciated.

- Stinney

Favorite all too common vendor responses: "We've never seen this issue before." AND "No one's ever wanted to use it like that before.

 

[AnotherAlan]

Well I can't be sure about telnet as we have that disabled by default, but if you add the below line to your syslog.conf file and touch the /var/log/authlog file, it does show the username attempted using ssh;


auth.debug /var/log/authlog

e.g.
sshd[26038]: [ID 800047 auth.info] Illegal user Administrator from 10.xx.xx.xx

Hope this helps