Due to /etc/syslog.conf, incorrect password logins are logged in /var/log/secure. However, incorrect user logins are logged in /var/log/messages.
This is set like this for obvious security reasons. It can be reconfigured using the syslog.con file if the system administrator should need it to behave differently. ------- Additional Comments From 01/22/99 17:18 ------- I agree that logging to /var/log/messages is insecure. I'm requesting that *both* types of messages be logged to /var/log/secure. That way there's a single place to look for account guessing activity.