Date: Mon, 16 Sep 2013 20:44:07 +0200
From: aurikus grande <aurikus@gmail.com>
To: Rick Miller <vmiller@hostileadmin.com>
Cc: FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: Re: how to log sshd access in a single file
Message-ID: <CAPzqM6B0dfS=0_V=6nnZwc6m%2BSVQDN=R6TaG37hP4rf6z9rTjQ@mail.gmail.com>
In-Reply-To: <CAHzLAVEtM=8rhcd4s-sjJ2Kcoy-RnOpxgJTCWOHaT_r85h2p8w@mail.gmail.com>
References: <CAPzqM6D=hy9P-N3TwLZQAbPp4bU_Sp57-LN-DmLaBkD_3jQSTg@mail.gmail.com>
 <CAHzLAVH%2BDU67cYt9vQB9BSRor8HgsL=A_HxFGbXpPaG-0ukEFQ@mail.gmail.com>
 <CAPzqM6Duoe5qOPevqHPrXG=%2Bq5u=AYrBe88yKH5ksAx76ac=aw@mail.gmail.com>
 <CAHzLAVE96vJK3ni1=WoSbiChODa7PhWhghLOKTXHNw9qnVM3=A@mail.gmail.com>
 <CAPzqM6CL=LJA9MHnKW8NS7=Y_36NgeGuJCSt98zUedAvmCfKww@mail.gmail.com>
 <CAHzLAVEtM=8rhcd4s-sjJ2Kcoy-RnOpxgJTCWOHaT_r85h2p8w@mail.gmail.com>

>Most web servers handle their own logging.

I do _not_ want the web server access to be logged (at least as of now).

>Have you looked at /var/log/auth.log?

Yes, and as you mentioned in your previous update, it logs the successful login (only). Unsuccessful attempts are being sent to /var/log/messages. So there are 2 separate files. I would like to have all sshd access attempts in one single file - regardless if they are successful or unsuccessful.

Quotation: "I believe FreeBSD defaults to failed ssh authentication is logged to /var/log/messages while successful authentication is written to /var/log/auth.log."

>Can you elaborate on your reasons for running sshd via inetd? I'm curious as I've never even heard of anyone attempting this.

When I searched how to setup / configure sshd on internet, I found many hints to start it using inetd. Since it worked for me there was no reason to change it.

Best regards,
aurikus

2013/9/16 Rick Miller <vmiller@hostileadmin.com>

> On Mon, Sep 16, 2013 at 1:57 PM, aurikus grande <aurikus@gmail.com> wrote:
>
>> Hello Rick,
>>
>> sorry that I did not reply to all, from now on I will use "reply to all".
>> Thanks for pointing it out.
>>
>> I will also open port 80 for web access, but I do not want to log those.
>> Because I expect a huge amount of traffic on my server.
>
> Most web servers handle their own logging.
>
>> So I only want to log successful and unsuccessful sshd access.
>
> Have you looked at /var/log/auth.log?
>
>> twist is part of the FreeBSD 9.1 base installation, I did not yet install
>> any other package.
>
> That was my mistake, I sent the email before editing that out as I had
> intended.
>
>> The idea behind using hosts.allow was because I could specify the rule by
>> the service (and not by the level of the message).
>>
>> And yes, in my case sshd is configured to run via inetd.
>>
>> You are correct, my main goal is to log all failed sshd attempts. If it
>> is easier to log successful and failed attempts (to the same file), this
>> would also be fine for me.
>
> Can you elaborate on your reasons for running sshd via inetd? I'm curious
> as I've never even heard of anyone attempting this.
>
> --
> Take care
> Rick Miller