Linux How do I display failed login attempt?

/var/log/faillog is a log file for failed login attempts. This file maintains a count of login failures and the limits for each account. The file is fixed length record, indexed by numerical ID. Each record contains the count of login failures since the last successful login; the maximum number of failures before the account is disabled; the line the last login failure occurred on; and the date the last login failure occurred. Since data is in binary format you need to use faillog command to display failed login attempt.

How do I use faillog?

To display failed login attempt for user root with following command:
$ faillog -u root
Output:

Login       Failures Maximum Latest                   On
root            0        0   02/17/06 14:49:52 +0530  tty1

To display all failed login attempt try:
$ faillog -a
Output:

Login       Failures Maximum Latest                   On
root            0        0   02/17/06 14:49:52 +0530  tty1
rocky           0        0   02/27/06 22:05:03 +0530  tty1
usr1            2        0   02/16/06 15:05:01 +0530  tty2

See also:

• How do I find all out failed ssh login attempts?

• Tweet
• 
• 

You should follow me on twitter here or grab rss feed to keep track of new changes.

Featured Articles:

• 30 Handy Bash Shell Aliases For Linux / Unix / Mac OS X
• Top 30 Nmap Command Examples For Sys/Network Admins
• 25 PHP Security Best Practices For Sys Admins
• 20 Linux System Monitoring Tools Every SysAdmin Should Know
• 20 Linux Server Hardening Security Tips
• Linux: 20 Iptables Examples For New SysAdmins
• Top 20 OpenSSH Server Best Security Practices
• Top 20 Nginx WebServer Best Security Practices
• 20 Examples: Make Sure Unix / Linux Configuration Files Are Free From Syntax Errors
• 15 Greatest Open Source Terminal Applications Of 2012
• My 10 UNIX Command Line Mistakes
• Top 10 Open Source Web-Based Project Management Software
• Top 5 Email Client For Linux, Mac OS X, and Windows Users
• The Novice Guide To Buying A Linux Laptop