1
00:00:06,610 --> 00:00:09,570
You in my demo. I've shown
you how it works on CentOS.

2
00:00:10,509 --> 00:00:13,369
Now I'd like to show
you what it's like on Ubuntu.

3
00:00:15,509 --> 00:00:21,649
Sudo systemctl status of r
syslog do we have it?

4
00:00:24,670 --> 00:00:29,773
Yeah, we do. That means that
if I want to know where

5
00:00:29,773 --> 00:00:34,876
authentication messages are sent to, I
need sudo vim on on etc

6
00:00:34,876 --> 00:00:39,979
r syslog conf and then I'm
going to search for auth where.

7
00:00:40,600 --> 00:00:46,405
Oh, I'm not finding any auth
priv So I need to check in

8
00:00:46,405 --> 00:00:52,210
the rules if we have anything
that is setting authentication related messages.

9
00:00:52,869 --> 00:00:58,710
And what I'm seeing here is that,
well, there is no rules in here.

10
00:00:59,460 --> 00:01:05,420
That's interesting. So what is Ubuntu
doing? Well, let's check out etc r

11
00:01:05,420 --> 00:01:11,379
syslog d and aha. There we
can see the configuration 50 default conf.

12
00:01:12,140 --> 00:01:16,469
So this distribution isn't specifying
everything in the main configuration file,

13
00:01:16,469 --> 00:01:20,799
it's spreading it out over
the different drop in files.

14
00:01:22,299 --> 00:01:27,420
So 50 default conf is what I need to
be looking at. And, and look, there we go.

15
00:01:28,280 --> 00:01:34,750
Auth and auth priv Everything is going to var log
auth log. So this is what we need to see.

16
00:01:35,269 --> 00:01:40,109
So sudo less on var log
auth log and there we can see

17
00:01:40,109 --> 00:01:44,950
all the authentication related messages and
that's how you can find it.