Hi
Which is the correct log file for this jail on ubuntu?
/var/log/auth.log or /var/log/syslog
That’s a really good question!
Both events in extra use the LOG_USER facility, but it seems that the default rsyslogd config doesn’t have a separate file for that facility.
So, the short answer is /var/log/syslog, but what you should do is enable /var/log/user.log and use that instead.
1 Like
Thanks for your suggestion. I have enabled /var/log/user.log file.
The only issue remains is double logging of every single password reset request event in /var/log/user.log file. The same thing was happening with ‘/var/log/syslog’. We have bandaid it for now by increasing the maxretry parameter. How do i fixt it permanently?
Jul 10 11:13:16 vultr wordpress(siteurl)[2453414]: Password reset requested for anuja.bagel from 77.111.245.14
Jul 10 11:13:16 vultr wordpress(siteurl)[2453414]: Password reset requested for anuja.bagel from 77.111.245.14