SSH

Auditing

Configuring Logging in sshd2
Logging SFTP Transactions
SMF Auditing

Tectia Server for IBM z/OS logs events with syslog. Logging (auditing) is very important for security. You should check the logs often, or use tools to analyze them. From the logs, you can see whether unauthorized access has been attempted, and take further action if needed. For example, you could add the hosts from which the attempts have been made to DenyHosts, or drop the packets from the domain completely at your firewall.