7. Configuring "k9-tail" for logs [optional]

k9-tail is a small program that forwards SSH logs to Key9. Key9 uses these logs to determine which public keys are used by users and for other authentication analytics. The program works by following (tailing) the /var/log/auth.log. If this is not the location of your authentication logs, it can be changed in the /opt/k9/etc/k9.yaml.

By default, Debian 12 does not write out an auth.log. The easiest way to have those logs written to disk is by installing rsyslog. As root, execute the following:

apt-get install rsyslog

To enable k9-tail, execute the following:

systemctl start k9-tail

systemctl enable k9-tail

Within the Key9 interface, you should see new authentication logs being received. If you are not, you can stop the k9-tail service and run k9-tail in debug mode. To do that, you would execute as "root":

/opt/k9/bin/k9-tail -debug

Previous6. Modifying "sudoers" [optional]Next8. Automatic home directory creation [optional]

Last updated 2 months ago