That file is null after both invalid users, invalid password and successful login. I think there is a RACF failure record, but that is nearly post-mortem when you have an active attack.
-----Original Message----- From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of Joel Ivey Sent: Thursday, May 25, 2006 3:07 PM To: [email protected] Subject: Re: sshd ported tools logging Is that different from /tmp/sshd.stderr ?? On Thu, 25 May 2006 13:32:39 -0500, Rugen, Len <[EMAIL PROTECTED]> wrote: >I don't seem to have any /var/log files on z/OS 1.4. Does sshd log on >z/os or have I missed something? I'm interested in failed login >attempts just to see if brute force login attempts are being made. > > > >Thanks > > >---------------------------------------------------------------------- >For IBM-MAIN subscribe / signoff / archive access instructions, >send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO >Search the archives at http://bama.ua.edu/archives/ibm-main.html >======================================================================= = ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
