Red Hat Bugzilla – Bug 886
Inconsistent logging of failed logins
Last modified: 2008-05-01 11:37:48 EDT
Due to /etc/syslog.conf, incorrect password logins are
logged in /var/log/secure. However, incorrect user logins
are logged in /var/log/messages.
This is set like this for obvious security reasons. It can be
reconfigured using the syslog.con file if the system administrator
should need it to behave differently.
------- Additional Comments From 01/22/99 17:18 -------
I agree that logging to /var/log/messages is insecure. I'm requesting
that *both* types of messages be logged to /var/log/secure. That way
there's a single place to look for account guessing activity.