I am trying to log failed login attempts to faillog. I cannot find any official Ubuntu document explaining how to configure the server for faillog.
I followed [https://stackoverflow.com/questions/37570683/pam-tally2-tallying-successful-logins-as-failures][1]
and it does generate the faillog file now, but it doesn't seem to log failed login attempts. I tested more than 3 failed login attempts via SSH putty, but there was nothing recorded. Here is the output of $sudo faillog -a -
root 13361 11825 01/01/70 01:00:00 +0100 94.106.15
daemon 0 0 10/11/74 04:56:48 +0100 [1667445422s
lock]
bin 0 0 01/01/70 01:00:00 +0100
sys 0 0 01/01/70 01:00:00 +0100
sync 0 0 01/01/70 01:00:00 +0100
games 0 0 01/01/70 01:00:00 +0100
man 0 0 01/01/70 01:00:00 +0100
lp 0 0 01/01/70 01:00:00 +0100
mail 0 0 01/01/70 01:00:00 +0100
news 0 0 01/01/70 01:00:00 +0100
uucp 0 0 01/01/70 01:00:00 +0100
proxy 0 0 01/01/70 01:00:00 +0100
www-data 0 0 01/01/70 01:00:00 +0100
backup 0 0 01/01/70 01:00:00 +0100
list 0 0 01/01/70 01:00:00 +0100
irc 0 0 01/01/70 01:00:00 +0100
gnats 0 0 01/01/70 01:00:00 +0100
nobody 0 0 01/01/70 01:00:00 +0100
systemd-network 0 0 01/01/70 01:00:00 +0100
systemd-resolve 0 0 01/01/70 01:00:00 +0100
systemd-timesync 0 0 01/01/70 01:00:00 +0100
messagebus 0 0 01/01/70 01:00:00 +0100
syslog 0 0 01/01/70 01:00:00 +0100
_apt 0 0 01/01/70 01:00:00 +0100
uuidd 0 0 01/01/70 01:00:00 +0100
tcpdump 0 0 01/01/70 01:00:00 +0100
sshd 0 0 01/01/70 01:00:00 +0100
systemd-coredump 0 0 01/01/70 01:00:00 +0100
linux-user 0 0 01/01/70 01:00:00 +0100
