Re: logging every sshd messages in a dedicated log-file

From: Bill Unruh (unruh@string.physics.ubc.ca)
Date: 02/02/03

• Next message: ulle: "Re: logging every sshd messages in a dedicated log-file"
• Previous message: ArteQ: "Re: Is OpenSSH 3.5p1 secure?"
• In reply to: ulle: "logging every sshd messages in a dedicated log-file"
• Next in thread: ulle: "Re: logging every sshd messages in a dedicated log-file"
• Reply: ulle: "Re: logging every sshd messages in a dedicated log-file"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: unruh@string.physics.ubc.ca (Bill Unruh)
Date: 2 Feb 2003 18:43:31 GMT

"ulle" <no@no.no> writes:

]Hello,

] I would like to log _every_ messages from sshd to a single log file,
]choosen by me (i.e. /var/log/ssh.log).

] by now, sshd messages are spread in different log files, by syslogd.

] How can I tell syslogd to redirect _only_ sshd messages to
]"/var/log/ssh.log"? Using a facility code (i.e. local1) would end
]redirecting also other messages (coming from other apps) to the same
]ssh.log? How to avoid that?

]Thanks for your help, I looked into google, with no results -- I'm just a
]beginner, hope you will help :)

]ulle

]p.s. are local0-7 equivalent? or do they have different "functions"?

syslog has a finite number of facitlities. The control of syslog is only
via facility-level pairs. You cannot separate them out. So if two
programs both use say local2.warning, then all messages from both will
go to the same place.

local0-7 are 8 syslog facilities which are to be used for "local" use.
Occasionally one is used by a standard program (eg chat -v uses local1)

Thus you cannot tell syslog to send only sshd messages to some file.
That is not how it works. You must tell sshd to use say local5 facility
and direct those to a file via syslog.conf And if some other program
also uses local5, then its will be directed to the same file.

• Next message: ulle: "Re: logging every sshd messages in a dedicated log-file"
• Previous message: ArteQ: "Re: Is OpenSSH 3.5p1 secure?"
• In reply to: ulle: "logging every sshd messages in a dedicated log-file"
• Next in thread: ulle: "Re: logging every sshd messages in a dedicated log-file"
• Reply: ulle: "Re: logging every sshd messages in a dedicated log-file"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: logging every sshd messages in a dedicated log-file ... ]> syslog has a finite number of facitlities. ... ]> via facility-level pairs. ... ]> Thus you cannot tell syslog to send only sshd messages to some file. ... You must tell sshd to use say local5 facility ... (comp.security.ssh) Re: Security using ipf to block IPs run in cron ... |> | rules to IPF for attacks in syslog. ... |> Shouldn't you be able to consolidate several of those awk scans of the ... | search on multiple files if I split them up. ... only sshd messages. ... (comp.unix.sco.misc) Re: logging every sshd messages in a dedicated log-file ... > syslog has a finite number of facitlities. ... > via facility-level pairs. ... > Thus you cannot tell syslog to send only sshd messages to some file. ... You must tell sshd to use say local5 facility ... (comp.security.ssh) Re: logging every sshd messages in a dedicated log-file ... >> syslog has a finite number of facitlities. ... >> via facility-level pairs. ... >> Thus you cannot tell syslog to send only sshd messages to some file. ... You must tell sshd to use say local5 facility ... (comp.security.ssh)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint