3c5fa979a4
Re-organized topic hierarchy Tiny edit to restart review workflow. Squashed with Resolved index.rst conflict commit Change-Id: I13472792cb19d1e9975ac76c6954d38054d606c5 Signed-off-by: Keane Lim <keane.lim@windriver.com> Signed-off-by: MCamp859 <maryx.camp@intel.com>
1.3 KiB
Operator Login/Authentication Logging
logs all operator login and authentication attempts.
For security purposes, all login attempts (success and failure) are logged. This includes the Horizon Web interface and SSH logins as well as internal local LDAP login attempts and internal database login attempts.
SNMP authentication requests (success and failure) are logged with
operator commands (see Operator Command Logging
<operator-command-logging>). Authentication failures are
logged explicitly, whereas successful authentications are logged when
the request is logged.
The logs include the timestamp, user name, remote IP Address, and number of failed login attempts (if applicable). They are located under the /var/log directory, and include the following:
- /var/log/auth.log
- /var/log/horizon.log
- /var/log/pmond.log
- /var/log/hostwd.log
- /var/log/snmp-api.log
- /var/log/sysinv.log
- /var/log/user.log
- /var/log/ima.log
You can examine the log files locally on the controllers, or using a remote log server if the remote logging feature is configured.