From owner-freebsd-questions  Thu Apr 23 12:14:01 1998
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id MAA07825
          for freebsd-questions-outgoing; Thu, 23 Apr 1998 12:14:01 -0700 (PDT)
          (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from eyelab.psy.msu.edu (eyelab.psy.msu.edu [35.8.64.179])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id MAA07732
          for <freebsd-questions@freebsd.org>; Thu, 23 Apr 1998 12:13:47 -0700 (PDT)
          (envelope-from root@eyelab.psy.msu.edu)
Received: from iso221.psy.msu.edu (iso221.psy.msu.edu [35.8.110.61])
	by eyelab.psy.msu.edu (8.8.8/8.8.7) with SMTP id PAA08936;
	Thu, 23 Apr 1998 15:12:42 -0400 (EDT)
	(envelope-from root@eyelab.psy.msu.edu)
Message-Id: <199804231912.PAA08936@eyelab.psy.msu.edu>
X-Sender: root@eyelab.msu.edu
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.0.1.329 (Beta)
Date: Thu, 23 Apr 1998 15:14:37 -0400
To: Jan Koum  <jkb@best.com>
From: Gary Schrock <root@eyelab.psy.msu.edu>
Subject: Re: any way to make ssh logins log to messages?
Cc: freebsd-questions@FreeBSD.ORG
In-Reply-To: <Pine.BSF.3.96.980423114611.2715B-100000@shell6.ba.best.com
 >
References: <199804231712.NAA08084@eyelab.psy.msu.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

At 11:50 AM 4/23/98 -0700, you wrote:
>	Of course. Look at /etc/sshd_config and where it say
>SyslogFacility, change whatever second word is there to AUTH,
>	then, add the following line to /etc/syslog.conf:
>auth.*				/var/log/authlog
>	make sure to use tabs ("man 5 syslog.conf"). Then do "touch
>/var/log/authlog", chown it the way you like it, chmod to 640 and restart
>syslogd (or HUP it -- "man kill").
>	BTW, why does by default FreeBSD wouldn't have auth.* in it's
>syslog.conf? Is there a reason for it? Ugh.. this better be asked in
>-security list.

Yup, works like a charm.  Hmm, the reason I might have remembered this info
being logged before is I think in 2.1-stable it *was* logged by default, I
guess 2.2-stable dropped that for some reason.

>P.S. -- Don't use root for eMails. :)

Yeah, yeah, it's just too much of a pain to change it at this point :).
Although (and this really would belong on -security) I'd be interested in
hearing exactly why this would really cause any more problems than not
using root.  I don't actually read the mail on the system, so I can't think
of any reason it would open things up to problems more.


Gary Schrock
root@eyelab.msu.edu


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message