Date: Mon, 29 Oct 2001 15:14:29 -0500 (EST) From: Scott Nolde <scott@smnolde.com> To: Mark Hughes <mark@dvdnews.co.uk> Cc: <freebsd-questions@FreeBSD.ORG> Subject: Re: sshd logging.... where?? Message-ID: <20011029151139.O38401-100000@bsd.smnolde.com> In-Reply-To: <004e01c160b3$3f3401f0$0200a8c0@mark2>
next in thread | previous in thread | raw e-mail | index | archive | help
I've had trouble with syslogd before and have had to use syslog-ng to log things properly. I wonder if you try syslog-ng if the messages will show up. I'm using 4.4-STABLE now, with OpenSSH-2.9.9 and my method works. Perhaps if you upgrade to OpenSSH-2.9.9 it'll work properly. Another thing you might try to do is ask the question in comp.security.ssh and perhaps you'll back a better answer as to why the logs aren't showing up. - Scott smacked into the keyboard previously by Mark Hughes: >Date: Mon, 29 Oct 2001 19:51:57 -0000 >From: Mark Hughes <mark@dvdnews.co.uk> >To: Scott Nolde <scott@smnolde.com> >Cc: freebsd-questions@FreeBSD.ORG >Subject: Re: sshd logging.... where?? > >The thing is, I've tried that, and I'm still getting absolutely nothing in >the logs :-( It seems like sshd is somehow set to some sort of quiet mode - >any ideas about how this may have happened? I've not changed anything from >the basic install w.r.t. ssh - it's a 4.3-release box, just upgraded to >4.4-stable a couple of days ago. > >Mark > > >----- Original Message ----- >From: "Scott Nolde" <scott@smnolde.com> >> Mark, >> >> I log sshd session in a file called /var/log/sshd.log and here's how I do >> it: >> 1. touch /var/log/sshd.log >> >> 2. edit your /etc/syslog.conf and add the lines >> !sshd >> *.* /var/log/sshd.log >> >> 3. killall -HUP syslogd >> >> The sshd will now log stuff into /var/log/sshd.log. Edit your >> /etc/ssh/sshd_config file to determine what gets logged. By default, the >> following lines are in sshd_config for sylog logging: >> SyslogFacility AUTH >> LogLevel INFO >> >> Change as necessary, more details are in the sshd manpage. >> >> - Scott >> >> >> smacked into the keyboard previously by >owner-freebsd-questions@FreeBSD.ORG: >> >> >Date: Mon, 29 Oct 2001 03:39:45 -0000 >> >From: Mark Hughes <mark@dvdnews.co.uk> >> >To: freebsd-questions@FreeBSD.ORG >> >Subject: sshd logging.... where?? >> > >> >Hello all, >> > >> >I'm trying to troubleshoot some problems I'm having with ssh/sshd, and >I'm >> >quite, quite stuck on where sshd is actually logging to. >> > >> >>From what I understand, it sends it log entrys, by default, to >syslogd, at >> >the auth.info level, so wherever this goes, I should find the logs - >have I >> >got that right? >> > >> >The curious thing is, I can't find 'em. I've looked in >/etc/syslog.conf, >> >and by that I've set them to go to /var/log/auth.log, which I've >created >> >and chmod'd to 0600. >> > >> >I've even tried putting a "*.* /dev/console" at the top >of >> >/etc/syslog.conf, and now all the system messages are coming to the >> >console....but still no signs of anything from sshd - failed logins, >> >successful logins, nothing to the logs.... >> > >> >Anyone got any ideas? I've tried changing the loglevel to DEBUG, which >I'm >> >sure should spill loads of crap to the log every time somone logs in, >but >> >still nothing. I've made sure to send a SIGHUP to sshd and syslogd >every >> >time I changed something in the respective config files... >> > >> >...and still nothing. I have to admit, I'm quite, quite confused as to >> >where the hell they are going. >> > >> >TIA, >> >Mark >> >-- >> >Mark Hughes - DVD & Film Content Manager, Technical Officer >> >Digital Spy Ltd >> >http://www.digitalspy.co.uk/ >> >Your number one source for digital media and entertainment news! >> > >> > >> > >> >To Unsubscribe: send mail to majordomo@FreeBSD.org >> >with "unsubscribe freebsd-questions" in the body of the message >> > >> >> Scott Nolde >> GPG Key 0xD869AB48 >> >> >> To Unsubscribe: send mail to majordomo@FreeBSD.org >> with "unsubscribe freebsd-questions" in the body of the message >> > > Scott Nolde GPG Key 0xD869AB48 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011029151139.O38401-100000>