sshd and lastlog (and/or last/wtmp)

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!


I noticed that not all ssh connection are logged in /var/log/lastlog or /va
r/log/wtmp. Only actual login, but not commands or sftp connections. If a u
ser uses the command /bin/bash, as a sysadmin I cannot know that a user was
 connected interactively on a server. I have to hunt thing down in /var/log
/secure. Is there an easy way to create "lastssh" in the same format as las

My objective is to find out is when a user was last active on a system in a
n easy log like lastlog.  


Site Timeline