SSH Tectia Server for IBM z/OS logs events with syslog. Logging (auditing) is very important for security. You should check your logs often, or use tools to analyze them. From the logs, you can see whether unauthorized access has been attempted, and take further action if needed. For example, you could add the hosts from which the attempts have been made to DenyHosts, or drop the packets from the domain completely at your firewall.