From: "R. Fong Poen"
Delivered-To: freebsd-questions@freebsd.org
Subject: SSH access lof file
Date: Thu, 2 Aug 2001 20:42:22 +0200

Hello,

I hope someone can help me. I run FreeBSD and Apache. To maintain my server I use SSH1. However, I would like to know who logged in using SSH.

In the file /etc/ssh/ssh_config I would have:

    SyslogFacility AUTH
    LogLevel INFO

In the file /etc/syslog.conf I can set everything to be logged in 1 file using:

    # uncomment this to enable logging of all log messages to /var/log/all.log
    *.* /var/log/all.log

If I log everything to 1 log file the SSH log entries are there, but what an extra big file this would become.

    Aug 2 19:27:49 www sshd[212]: log: Server listening on :: port 722.
    Aug 2 19:27:49 www sshd[212]: log: Server listening on 0.0.0.0 port 722.
    Aug 2 19:27:49 www sshd[212]: log: Server listening on :: port 22.
    Aug 2 19:27:49 www sshd[212]: log: Server listening on 0.0.0.0 port 22.
    Aug 2 19:27:49 www sshd[212]: log: Generating 768 bit RSA key.
    Aug 2 19:27:50 www sshd[212]: log: RSA key generation complete.
    Aug 2 19:28:41 www sshd[230]: connect from a122346.upc-a.chello.nl
    Aug 2 19:28:41 www sshd[230]: log: Connection from 62.163.122.249 port 1454
    Aug 2 19:28:46 www sshd[230]: log: Password authentication for raymond accepted.
    Aug 2 19:28:46 www sshd[230]: raymond from a122346.upc-a.chello.nl (password authentication accepted)

Is there a possibility to have all activity from SSH logged in a separate file? I have tried the following in the file /etc/syslog.conf:

    # SSH
    ssh.* /var/log/ssh_log

and

    sshd.* /var/log/ssh_log

Both do not work.

OK. Thanks already for your reaction.

Raymond
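
Added example, not part of the original message: a small Python filter that pulls only the sshd entries out of a catch-all log such as /var/log/all.log and reports who logged in and from which address, pairing lines by sshd PID. The sample input is constructed from the log lines quoted above plus two made-up unrelated lines; the assumption that other methods log the same "<Method> authentication for <user> accepted." wording is mine.

```python
import re

# Constructed sample: sshd lines quoted in the message above, mixed with two
# made-up unrelated lines of the kind a catch-all log file would also contain.
SAMPLE_LOG = """\
Aug 2 19:27:49 www sshd[212]: log: Server listening on 0.0.0.0 port 22.
Aug 2 19:28:12 www /kernel: constructed unrelated kernel line
Aug 2 19:28:41 www sshd[230]: connect from a122346.upc-a.chello.nl
Aug 2 19:28:41 www sshd[230]: log: Connection from 62.163.122.249 port 1454
Aug 2 19:28:44 www cron[228]: constructed unrelated cron line
Aug 2 19:28:46 www sshd[230]: log: Password authentication for raymond accepted.
Aug 2 19:28:46 www sshd[230]: raymond from a122346.upc-a.chello.nl (password authentication accepted)
"""

# timestamp, host, sshd PID, then the message with the optional "log: " prefix dropped
LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\S+) sshd\[(\d+)\]: (?:log: )?(.*)$")
CONNECT = re.compile(r"^Connection from (\S+) port (\d+)$")
# Assumption: every method is logged as "<Method> authentication for <user> accepted."
ACCEPT = re.compile(r"^(\w+) authentication for (\S+) accepted\.$")


def sshd_lines(text):
    """Yield (timestamp, pid, message) for sshd entries, skipping everything else."""
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            yield m.group(1), m.group(3), m.group(4)


def accepted_logins(text):
    """Return one record per accepted login, with the source seen for the same PID."""
    source = {}  # sshd child PID -> (ip, port) from its "Connection from" line
    logins = []
    for ts, pid, msg in sshd_lines(text):
        c = CONNECT.match(msg)
        if c:
            source[pid] = (c.group(1), int(c.group(2)))
            continue
        a = ACCEPT.match(msg)
        if a:
            ip, port = source.get(pid, (None, None))  # None if the connect line is missing
            logins.append({"time": ts, "user": a.group(2), "method": a.group(1).lower(),
                           "ip": ip, "port": port, "pid": pid})
    return logins


if __name__ == "__main__":
    for entry in accepted_logins(SAMPLE_LOG):
        print(entry)
```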