provide a way for site-administrators to view the auth.log
When sites are hacked the first thing to check is the auth.log to see who accessed what, when. When a compromise happens we need to be able to investigate immediately and find a fix.
Can site owners be provided with a way to see the auth.log for their site, similar to how we can currently view web access/error logs?
Specifically what I'm requesting is live (and perhaps filtered to my site) visibility on:
* auth.log
* sftpserver.log
* history of auth and sftpserver logs so that we can go back at least a week to see if we missed anything
1
vote
Anonymous
shared this idea