how to check who logged on using root ?

  • Thread starter Deleted member 60383
  • Start date

Deleted member 60383

So I'm in a domain I can check who logged into my apache using root if the person used a windows station to logon because all the windows stations r in the domain. But if someone uses his Linux workstation to logon to my apache using root how can i check which user was it in his server?
-i do not have user in his server but theres simm server collecting all data if it matters.
how can i know who's the one that logged on using root ?

You won't be able to determine which user account on the remote system was used to login to the Apache server, but you can identify the IP and possibly the MAC address of the remote system. That information is available in the SystemD Journal as well as the sshd logs. SystemD journals are available with the `journalctl` application and the sshd logs are in `/var/log/auth.log` by default. Do note that sshd doesn't log all data by default.

journalctl -u sshd
Last edited:

Members online

Latest posts