Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug] After upgrading to v1.10.23-lts, the SSH login log in the log audit cannot be viewed. #7713

Open
jiahui90 opened this issue Jan 14, 2025 · 14 comments
Open

[Bug] After upgrading to v1.10.23-lts, the SSH login log in the log audit cannot be viewed. #7713

jiahui90 opened this issue Jan 14, 2025 · 14 comments
Assignees
@wanghe-fit2cloud
Labels
Type: To Be Verified

Comments

@jiahui90
Copy link

Contact Information

No response

1Panel Version

v1.10.23-lts

Problem Description

升级到v1.10.23-lts 日志审计中的SSH 登录日志却查看不了 之前 还可以查看

Steps to Reproduce

日志审计-ssh登录日志 显示不了!

The expected correct result

No response

Related log output

No response

Additional Information

No response
@wanghe-fit2cloud wanghe-fit2cloud changed the title [Bug] 升级到v1.10.23-lts 日志审计中的SSH 登录日志却查看不了 [Bug] After upgrading to v1.10.23-lts, the SSH login log in the log audit cannot be viewed. Jan 14, 2025
@ssongliu
Copy link
Member

感谢反馈,麻烦执行一下下面命令:

cat /var/log/auth.log* | grep -aE "(Failed password for|Connection closed by authenticating user|Accepted)"

cat /var/log/secure* | grep -aE '(Failed password for|Accepted)'

@jiahui90
Copy link
Author

感谢反馈,麻烦执行一下下面命令:

cat /var/log/auth.log* | grep -aE "(Failed password for|Connection closed by authenticating user|Accepted)"

cat /var/log/secure* | grep -aE '(Failed password for|Accepted)'

[root@VM_0_4_centos ~]# cat /var/log/auth.log* | grep -aE "(Failed password for|Connection closed by authenticating user|Accepted)"
cat: /var/log/auth.log*: No such file or directory
[root@VM_0_4_centos ~]#
[root@VM_0_4_centos ~]# cat /var/log/secure* | grep -aE '(Failed password for|Accepted)'
[root@VM_0_4_centos ~]#
执行了以上的 但还是显示不了ssh登录日志

@ssongliu
Copy link
Member

1panel 的 ssh 日志只是读取了这个日志文件,而日志的记录是通过系统底层实现的,1panel 并不会插入或者删除该记录

可以检查一下近期是否有删除日志等操作

@wanghe-fit2cloud
Copy link
Member

Bot detected the issue body's language is not English, translate it automatically. 👯👭🏻🧑‍🤝‍🧑👫🧑🏿‍🤝‍🧑🏻👩🏾‍🤝‍👨🏿👬🏿

1panel's ssh log only reads this log file, and the log recording is implemented through the bottom layer of the system. 1panel will not insert or delete the record.

You can check whether there have been any operations such as deleting logs recently.

@jiahui90
Copy link
Author

1panel 的 ssh 日志只是读取了这个日志文件,而日志的记录是通过系统底层实现的,1panel 并不会插入或者删除该记录

可以检查一下近期是否有删除日志等操作

是读取auth.log吗?

@wanghe-fit2cloud
Copy link
Member

Bot detected the issue body's language is not English, translate it automatically. 👯👭🏻🧑‍🤝‍🧑👫🧑🏿‍🤝‍🧑🏻👩🏾‍🤝‍👨🏿👬🏿

1panel's ssh log only reads this log file, and the log recording is implemented through the bottom layer of the system. 1panel will not insert or delete the record.

You can check whether there have been operations such as deleting logs recently

Are you reading auth.log?

@ssongliu
Copy link
Member

1panel 的 ssh 日志只是读取了这个日志文件,而日志的记录是通过系统底层实现的,1panel 并不会插入或者删除该记录
可以检查一下近期是否有删除日志等操作

是读取auth.log吗?

centos 读取的是 /var/log/ 下面的 secure* 文件

@wanghe-fit2cloud
Copy link
Member

Bot detected the issue body's language is not English, translate it automatically. 👯👭🏻🧑‍🤝‍🧑👫🧑🏿‍🤝‍🧑🏻👩🏾‍🤝‍👨🏿👬🏿

1panel's ssh log only reads this log file, and the log recording is implemented through the bottom layer of the system. 1panel will not insert or delete the record.
You can check whether there have been operations such as deleting logs recently.

Is it reading auth.log?

centos reads the secure* file under /var/log/

@jiahui90
Copy link
Author

1panel 的 ssh 日志只是读取了这个日志文件,而日志的记录是通过系统底层实现的,1panel 并不会插入或者删除该记录

可以检查一下近期是否有删除日志等操作

/var/log/secure 文件可是存在的哦。

@wanghe-fit2cloud
Copy link
Member

Bot detected the issue body's language is not English, translate it automatically. 👯👭🏻🧑‍🤝‍🧑👫🧑🏿‍🤝‍🧑🏻👩🏾‍🤝‍👨🏿👬🏿

1panel's ssh log only reads this log file, and the log recording is implemented through the bottom layer of the system. 1panel will not insert or delete the record.

You can check whether there have been operations such as deleting logs recently

The /var/log/secure file does exist.

@jiahui90
Copy link
Author

1panel 的 ssh 日志只是读取了这个日志文件,而日志的记录是通过系统底层实现的,1panel 并不会插入或者删除该记录
可以检查一下近期是否有删除日志等操作

是读取auth.log吗?

centos 读取的是 /var/log/ 下面的 secure* 文件

/var/log/secure 文件可是存在。
截屏2025-01-14 16 54 37

@wanghe-fit2cloud
Copy link
Member

Bot detected the issue body's language is not English, translate it automatically. 👯👭🏻🧑‍🤝‍🧑👫🧑🏿‍🤝‍🧑🏻👩🏾‍🤝‍👨🏿👬🏿

1panel's ssh log only reads this log file, and the log recording is implemented through the bottom layer of the system. 1panel will not insert or delete the record.
You can check whether there have been operations such as deleting logs recently.

Is it reading auth.log?

centos reads the secure* file under /var/log/

The /var/log/secure file does exist.
Screenshot 2025-01-14 16 54 37

@ssongliu
Copy link
Member

麻烦你把 secure 这些文件压缩发我邮箱一下吧,我看看是不是解析的问题

[email protected]

@wanghe-fit2cloud
Copy link
Member

Bot detected the issue body's language is not English, translate it automatically. 👯👭🏻🧑‍🤝‍🧑👫🧑🏿‍🤝‍🧑🏻👩🏾‍🤝‍👨🏿👬🏿

Could you please zip these secure files and send them to my email, and I'll see if it's a parsing problem?

[email protected]

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@wanghe-fit2cloud wanghe-fit2cloud

Labels
Type: To Be Verified
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jiahui90 @wanghe-fit2cloud @ssongliu