Syslog over SSH

From: Rafael Vidal Aroca (
Date: 11/29/01

Date: Thu, 29 Nov 2001 09:50:53 -0200 (BRST)
From: Rafael Vidal Aroca <>
To: <>
Subject: Syslog over SSH
Message-ID: <Pine.LNX.4.33.0111290947160.1126-100000@osiris.gds>

        Well, this is an answer and a question.

        What I do to do secure logging on remote machines is pipe UDP/514
(syslog) to TCP using netcat then pass it to another machine over a SSH
tunnel, and put it to localhost.

        Like that:

        On logging server:

        nc -l -p 9999 | nc localhost -u syslog
        ssh -g -R 9999:localhost:9999 root@remoteServer

        On the machine we want to log:

         nc -l -u -p syslog | nc localhost 9999

        I do this and remote logging works, but is it a good way of doing

[]s Rafael.
3wt - Wireless Web World Technologies
A Division of GDS Corporation

Relevant Pages

  • Re: Syslog over SSH
    ... I believe I have figure out my ssh tunnel problems, however, I am still ... I have setup public key encryption to keep from having to ... directly using syslog and changed the configuration to test with SSH ... to bind to the syslog port) ...
  • Customer has problems keeping incomming SSH connection alive.
    ... new remote location. ... When I checked syslog I see many lines with the error: ... I logged in via SSH and left the session idle for over an hour and ... when I went back to it, the ssh session did not respond to key presses. ...
  • Re: script to record any ssh logins.
    ... I am looking fora mechanism that would send an email if ANY ssh ... login succeeded. ... You could, as an alternate, use syslog. ... firewalls and IDS apps ...
  • Re: unsuccessful hacking attempt at my machine
    ... >>logging and dropping SSH traffic that is not allowed. ... I did find out that the levels are defined in syslog man page ... > syslog isn't what actually creates the log entries. ... Since I am denying SSH packtes from non-allowed IPs using iptables, ...
  • some ssh connections not logged
    ... My syslog is also set up to get those messages into a file. ... I can see almost all incomming ssh connections logged. ... I have set up a monitoring system that does a ptree of that user: ... But in my ssh log I can't see that the user ever connected... ...