Red Hat Bugzilla – Bug 831888
virt-manager does not update wtmp information
Last modified: 2014-02-02 13:01:40 EST
Description of problem:
This is probably more of a feature request...
virt-manager does not update /var/log/wtmp information. It would be useful to have this information when auditing authentications. I understand that there is information logged to /var/log/secure (LOG_AUTHPRIV), but these may be rotated and removed (a month, by default), while wtmp is often retained for much longer.
Steps to Reproduce:
1. Connect to virt-manager instance and disconnect soon after.
2. Wait 5 minutes (to ensure there is a discernible difference in the time between connections) and then log in via SSH.
3. Run the last(1) command.
Actual results: Only the SSH connection will be visible in the last command output.
Expected results: Both the SSH and the virt-manager connection would be visible in the last command.
Can you describe more closely which connection to a virt-manager instance you are referring to? Are you using virt-manager to connect to a remote libvirtd instance using ssh?
(In reply to comment #4)
> Are you using virt-manager to connect to remote libvirtd
> instance using ssh?
Yes, that is correct.
I've reproduced the bug on both rhel6.4 and rhel7:
This is a general ssh 'problem', nothing specific to virt-manager or libvirt. We run 'ssh [cmd]' and a Google search shows this doesn't update wtmp information. Specifying ssh -t will probably make this work, but historically we try not to mess with our ssh cli generation since it is fragile and hard to make it work across multiple distros.
As you mention, this information is already recorded in /var/log/secure. If it's rotated too fast I'm sure that can be adjusted somewhere.
If we are going to 'fix' this, we need another bug report to track libvirt ssh usage as well. However my recommendation is CLOSED->WONTFIX.
Closing as WONTFIX like I originally suggested.
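An added example (not part of the bug thread, and not virt-manager or libvirt code): one way to audit the gap discussed above is to list sshd "Accepted" entries from /var/log/secure that have no matching login record in wtmp. The log lines and the wtmp record below are constructed samples; the 384-byte utmp layout (Linux glibc, x86_64), the matching on user, host and a 5-second window, and all function names are assumptions.

```python
import calendar, re, struct, time

# Assumed layout: Linux glibc struct utmp on x86_64, 384 bytes per record.
UTMP = struct.Struct("<h2xi32s4s32s256shhiii16s20s")
USER_PROCESS = 7  # ut_type value of a login record
ACCEPTED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Accepted \S+ for (\S+) from (\S+) port \d+")

def make_record(user, host, epoch):
    """Build one constructed wtmp login record (used for sample data only)."""
    return UTMP.pack(USER_PROCESS, 4242, b"pts/0", b"ts/0", user.encode(),
                     host.encode(), 0, 0, 0, epoch, 0, b"", b"")

def wtmp_logins(raw):
    """Yield (user, host, epoch) for each login record in raw wtmp bytes."""
    for off in range(0, len(raw) - UTMP.size + 1, UTMP.size):
        f = UTMP.unpack_from(raw, off)
        if f[0] == USER_PROCESS:
            user = f[4].split(b"\0")[0].decode()
            host = f[5].split(b"\0")[0].decode()
            yield user, host, f[9]  # f[9] is ut_tv.tv_sec

def unrecorded(secure_lines, wtmp_raw, year, skew=5):
    """Return Accepted logins with no wtmp login record within skew seconds.

    Syslog timestamps carry no year or zone: the year is passed in and the
    time is treated as UTC (assumption; adjust for the host's local time).
    """
    recorded = list(wtmp_logins(wtmp_raw))
    missing = []
    for line in secure_lines:
        m = ACCEPTED.match(line)
        if not m:
            continue
        stamp, user, host = m.groups()
        t = calendar.timegm(time.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S"))
        if not any(u == user and h == host and abs(ts - t) <= skew
                   for u, h, ts in recorded):
            missing.append((user, host, t))
    return missing

# Constructed sample: an 'ssh [cmd]' style login at 10:00 (no wtmp record)
# followed five minutes later by an interactive login that is in wtmp.
SAMPLE_SECURE = [
    "Jun 14 10:00:00 kvmhost sshd[2301]: Accepted publickey for root from 192.0.2.10 port 51000 ssh2",
    "Jun 14 10:05:00 kvmhost sshd[2340]: Accepted publickey for root from 192.0.2.10 port 51022 ssh2",
]
SAMPLE_WTMP = make_record("root", "192.0.2.10", calendar.timegm((2013, 6, 14, 10, 5, 1)))

if __name__ == "__main__":
    for user, host, t in unrecorded(SAMPLE_SECURE, SAMPLE_WTMP, 2013):
        print(f"no wtmp record: {user} from {host} at {time.strftime('%F %T', time.gmtime(t))}")
```

On a real host, pass the lines of /var/log/secure and the bytes of /var/log/wtmp instead of the samples; if sshd records hostnames rather than addresses in wtmp, the host comparison has to be relaxed.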