From owner-freebsd-questions@FreeBSD.ORG  Thu Feb 27 08:37:13 2014
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id BEC06E2
 for <freebsd-questions@freebsd.org>; Thu, 27 Feb 2014 08:37:13 +0000 (UTC)
Received: from blue.qeng-ho.org (blue.qeng-ho.org [217.155.128.241])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by mx1.freebsd.org (Postfix) with ESMTPS id 5639F19E4
 for <freebsd-questions@freebsd.org>; Thu, 27 Feb 2014 08:37:12 +0000 (UTC)
Received: from fileserver.home.qeng-ho.org (localhost [127.0.0.1])
 by fileserver.home.qeng-ho.org (8.14.7/8.14.5) with ESMTP id s1R8b2wG078819;
 Thu, 27 Feb 2014 08:37:03 GMT (envelope-from freebsd@qeng-ho.org)
Message-ID: <530EF92E.2050004@qeng-ho.org>
Date: Thu, 27 Feb 2014 08:37:02 +0000
From: Arthur Chance <freebsd@qeng-ho.org>
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64;
 rv:24.0) Gecko/20100101 Thunderbird/24.3.0
MIME-Version: 1.0
To: Jim Pazarena <fquest@paz.bz>,
 FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: Re: notifications of log in
References: <530EBAEA.9050300@paz.bz>
In-Reply-To: <530EBAEA.9050300@paz.bz>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Feb 2014 08:37:13 -0000

On 27/02/2014 04:11, Jim Pazarena wrote:
> Is there a way to have syslog email a notice upon ANY log in to a
> server, by any user ID?
>
> I'm not worried about failed attempts, but I'd like a prompt notice if
> someone does successfully log in.

According to the syslog.conf manual, one option for the action on an 
event is:

> A vertical bar (“|”), followed by a command to pipe the selected mes‐
> sages to.  The command is passed to sh(1) for evaluation, so usual
> shell metacharacters or input/output redirection can occur.

You could feed auth facility syslog events to a script that mails you 
about console logins, sshd events and anything else relevant.