/var/log/faillog is a log file for failed login attempts. This file maintains a count of login failures and the limits for each account. The file is fixed length record, indexed by numerical ID. Each record contains the count of login failures since the last successful login; the maximum number of failures before the account is disabled; the line the last login failure occurred on; and the date the last login failure occurred. Since data is in binary format you need to use faillog command to display failed login attempt.
How do I use faillog?
To display failed login attempt for user root with following command:
$ faillog -u root
Output:
Login Failures Maximum Latest On root 0 0 02/17/06 14:49:52 +0530 tty1
To display all failed login attempt try:
$ faillog -a
Output:
Login Failures Maximum Latest On root 0 0 02/17/06 14:49:52 +0530 tty1 rocky 0 0 02/27/06 22:05:03 +0530 tty1 usr1 2 0 02/16/06 15:05:01 +0530 tty2
See also:
Featured Articles:
- 20 Linux System Monitoring Tools Every SysAdmin Should Know
- 20 Linux Server Hardening Security Tips
- Linux: 20 Iptables Examples For New SysAdmins
- My 10 UNIX Command Line Mistakes
- 25 PHP Security Best Practices For Sys Admins
- The Novice Guide To Buying A Linux Laptop
- Top 5 Email Client For Linux, Mac OS X, and Windows Users
- Top 20 OpenSSH Server Best Security Practices
- Top 10 Open Source Web-Based Project Management Software
Facebook it - Tweet it - Print it -
We're here to help you make the most of sysadmin work. So, subscribe!
{ 3 comments… read them below or add one }
Seems like nobody is interested in login failures..
Anyhow, Vivek ji great article again :D
I created a user and deliberatly made its login faild.
When I use the command ,it doesn;t seem to work.
I even checked the /var/log/faillog file and its empty…
When I use the faillog command I get the error
cannot open /var/log/faillog doesn’t exist