/var/log/auth.log in Ubuntu under WSL
Solution 1:
There are two reasons you don't see a /var/log/auth.log under WSL:
-
First, WSL doesn't run any services by default, including
rsyslog. Without a system logging service, well ... no syslogs! I'm assuming you already have figured this part out since you do have a/var/log/auth.log, though. For others that are reading this, you would need to do asudo service rsyslog startto start the logging service. -
Second, as ThomasWard pointed out in the comments and discussion, WSL does not "login" in a traditional sense. Specifically, under Ubuntu, PAM (pluggable authentication modules) is used to authenticate users. And PAM is what logs the authentication information to syslog, typically resulting in the output you expect in
/var/log/auth.log.But you'll notice that you don't enter a password when starting WSL. This is because WSL's
/initprocess (its PID 1 which is the parent of all other processes) starts your shell as the default user. Passwords aren't that useful in WSL, since it's your Windows user that ultimately determines your access rights to the system. Put another way, evenrootin WSL can never exceed the permissions of the Windows user.Since you're already logged in to Windows, WSL doesn't need the "extra protection" of a WSL user password.
However, as you've seen in your existing /var/log/auth.log, there are things that you can do to trigger PAM, and thus trigger writes to the log. The two most common are su and sudo.
Also note that the /etc/securetty message that you are seeing in the log is due to the pam_securetty module attempting to look for its configuration. Since that's not configured (or needed) under WSL, Ubuntu does not provide that file by default.