From owner-freebsd-questions Mon Oct 29 11:40:51 2001 Delivered-To: freebsd-questions@freebsd.org Received: from smnolde.com (rr-163-54-1.atl.mediaone.net [24.163.54.1]) by hub.freebsd.org (Postfix) with ESMTP id 946F537B617 for ; Mon, 29 Oct 2001 11:40:35 -0800 (PST) Received: from bsd.smnolde.com ([192.168.10.7] helo=bsd) by smnolde.com with esmtp (Exim 3.30 #1) id 15yIGw-000Kfq-00; Mon, 29 Oct 2001 14:40:34 -0500 Date: Mon, 29 Oct 2001 14:40:34 -0500 (EST) From: Scott Nolde To: Mark Hughes Cc: Subject: Re: sshd logging.... where?? In-Reply-To: <002001c1602b$7157bc40$0200a8c0@mark2> Message-ID: <20011029143607.H30578-100000@bsd.smnolde.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Mark, I log sshd session in a file called /var/log/sshd.log and here's how I do it: 1. touch /var/log/sshd.log 2. edit your /etc/syslog.conf and add the lines !sshd *.* /var/log/sshd.log 3. killall -HUP syslogd The sshd will now log stuff into /var/log/sshd.log. Edit your /etc/ssh/sshd_config file to determine what gets logged. By default, the following lines are in sshd_config for sylog logging: SyslogFacility AUTH LogLevel INFO Change as necessary, more details are in the sshd manpage. - Scott smacked into the keyboard previously by owner-freebsd-questions@FreeBSD.ORG: >Date: Mon, 29 Oct 2001 03:39:45 -0000 >From: Mark Hughes >To: freebsd-questions@FreeBSD.ORG >Subject: sshd logging.... where?? > >Hello all, > >I'm trying to troubleshoot some problems I'm having with ssh/sshd, and I'm >quite, quite stuck on where sshd is actually logging to. > >>From what I understand, it sends it log entrys, by default, to syslogd, at >the auth.info level, so wherever this goes, I should find the logs - have I >got that right? > >The curious thing is, I can't find 'em. I've looked in /etc/syslog.conf, >and by that I've set them to go to /var/log/auth.log, which I've created >and chmod'd to 0600. > >I've even tried putting a "*.* /dev/console" at the top of >/etc/syslog.conf, and now all the system messages are coming to the >console....but still no signs of anything from sshd - failed logins, >successful logins, nothing to the logs.... > >Anyone got any ideas? I've tried changing the loglevel to DEBUG, which I'm >sure should spill loads of crap to the log every time somone logs in, but >still nothing. I've made sure to send a SIGHUP to sshd and syslogd every >time I changed something in the respective config files... > >...and still nothing. I have to admit, I'm quite, quite confused as to >where the hell they are going. > >TIA, >Mark >-- >Mark Hughes - DVD & Film Content Manager, Technical Officer >Digital Spy Ltd >http://www.digitalspy.co.uk/ >Your number one source for digital media and entertainment news! > > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-questions" in the body of the message > Scott Nolde GPG Key 0xD869AB48 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message