-----Original Message-----
From: Andrew Brown
I had an unexpected (and unexplained) crash in the early hours of this morning, and when I restarted the machine, began to look through /var/log/messages to see if there were any clues. There weren't: it just went from routine messages to rebooting ones without anything in between. But, scrolling back, I discovered connections to sshd (the only service on the machine that's open to the internet) from South Korea, Russia, China, Germany ... So far as I know, none of these people succeeded in logging on. But I thought there ought to be some file which recorded attempts to log on, and I con't find it. What should it be, and do I need to turn it on?
last would be the command. If, as root, you touch /var/log/btmp you can also run lastb to check for failed login attempts. wtmp and btmp are binary files that cannot be edited. Ken