Re: Duplicate sshd-loginfo - How to configure right?




Hi!
I try to configure sshd version OpenSSH_3.7.1p2 that it logs it's info
into a specific logfile instead flooding the standard-message-file
/var/log/messages. I found a posting that suggests to leave sshd_config
at it's default and modify syslog.conf instead. My recent configuration
looks like

/etc/ssh/sshd_config

LogLevel INFO
SyslogFacility AUTH

/etc/syslog.conf

auth.info /var/log/auth.log

Now it seems that sshd does log authentication-details to
/var/log/auth.log but still keeps on logging to /var/log/messages for I
find the same line in both logfiles. Does someone see at first glance
where I am doing wrong?

You must also configure syslog to *not* send those messages to /var/log/messages.

--
Richard Silverman
res@xxxxxxxx

.



Relevant Pages

  • Duplicate sshd-loginfo - How to configure right?
    ... I try to configure sshd version OpenSSH_3.7.1p2 that it logs it's info ... into a specific logfile instead flooding the standard-message-file ... at it's default and modify syslog.conf instead. ...
    (comp.security.ssh)
  • Re: Problem mit Backup
    ... Die Datenbank ansich ".edb) ist nicht vollständig ... es scheint ein LOGfile zu geben, dass "neue" informationen hat, die in der ... wenn du die logs hast dann kannst du beim restore der EDB ...
    (microsoft.public.de.german.exchange2000.general)
  • Re: Best way to Collect Log
    ... the start of script and all the logs are then directed to that log ... In a Bourne or POSIX script: ... exec 3> LOGFILE ... and then every standard output of every command (including echo ...
    (comp.unix.shell)
  • Re: IIS logging issue
    ... Subject: IIS logging issue ... > /index%2easp becomes /index.asp and is shown as that in the logfile. ... > These days logs are used very often to prove illegal activity. ... When your logs are altered by translating incoming data to "readable" ...
    (NT-Bugtraq)
  • Re: Dictionary sshd attacks
    ... > tool could continue to monitor the logs for the attack and only ... > reactivate the port after X minutes after the attack ends. ... > are attempted using a dictionary of common usernames. ... > Never allow sshd root logins. ...
    (comp.os.linux.security)