Alex Schuster <wonko <at> wonkology.org> writes:
> > When you run kde-4 on gentoo and use the kde-login-manager app > > are the login sessions recorded into a permanent or temporary file? > If you want to know, who is logged in and when someone logged in, check > the man page for utmp / wtmp. These files are not human readable indeed, > but you can use the 'who' or 'w' command to see who is currently logged > in, and the last command to see when someone logged in. The 2nd column > shows where the login came from (and the 3rd from where), it displays > 'ssh' when someone logged in via ssh. ':0' means someone started a login > on the first X display. Probably using KDE4, but it may be any > other window manager. So I have no answer to your question about KDE > logins. And I don't knwo if the feature you are looking for exists at all. > Maybe you can hack /usr/share/config/kdm/Xsession, to add an entry in > some log file in case KDE is being started. I was looking for the login record, like what last provides, specific for all login attempts, successful or not. I was hoping to capture (grep - whatever) attempted login sessions that failed, mostly from kde-4, but ssh failed sessions would be ok too. But login failure are the target of what I'm really looking for, for systems that each maintain there own password file on a given network. I guess I'd need some security wrapper app that looks for and logs this sort of information explicitly for analysis... Maybe a separate app, one for ssh_fail and one for kde_mgr_fail. Anyone got any suggestions? James
