From owner-freebsd-questions Wed Jan 12 8: 7:57 2000 Delivered-To: freebsd-questions@freebsd.org Received: from musik07.nada.kth.se (musik07.nada.kth.se [130.237.227.82]) by hub.freebsd.org (Postfix) with ESMTP id E989D14DB6 for ; Wed, 12 Jan 2000 08:07:48 -0800 (PST) (envelope-from su98-rin@nada.kth.se) Received: from localhost (su98-rin@localhost) by musik07.nada.kth.se (8.8.8+Sun/8.8.7) with SMTP id RAA28004; Wed, 12 Jan 2000 17:07:20 +0100 (MET) Date: Wed, 12 Jan 2000 17:07:20 +0100 (MET) From: Richard Nyberg To: Tony Wells Cc: freebsd-questions@FreeBSD.ORG Subject: Re: sshd and syslogd In-Reply-To: <387B7288.8A5D24F5@journalstar.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG You have to put the 'auth.*'line somwhere above the '!startslip' line. The lines beginning with '!' starts a new section. You can also try to log authpriv.* messages. If the file authlog doesn't already exist you must create it before syslog can use it. Just do 'touch /var/log/authlog'. /Richard Tony Wells wrote: > I tried what you suggested, but still don't see messages from sshd in > /var/log/authlog; I still see login failures from telnet in > /var/log/messages. I rebooted the machine after I made the changes just > to make sure everybody read the changed config files. ~> Could I have a conflict in syslog.conf? The contents of syslog.conf are > listed below: > > # $FreeBSD: src/etc/syslog.conf,v 1.9.2.1 1999/08/29 14:19:02 peter Exp > $ > # > # Spaces are NOT valid field separators in this file. > # Consult the syslog.conf(5) manpage. > *.err;kern.debug;auth.notice;mail.crit /dev/console > *.notice;kern.debug;lpr.info;mail.crit;news.err /var/log/messages > mail.info /var/log/maillog > lpr.info /var/log/lpd-errs > cron.* /var/cron/log > *.err root > *.notice;news.err root > *.alert root > *.emerg * > # uncomment these if you're running inn > # news.crit /var/log/news/news.crit > # news.err /var/log/news/news.err > # news.notice > /var/log/news/news.notice > !startslip > *.* /var/log/slip.log > !ppp > *.* /var/log/ppp.log > auth.* /var/log/authlog > > Richard Nyberg wrote: > > > > My configuration: > > > > In sshd_config: > > > > SyslogFacility AUTH > > > > In syslog.conf: > > > > auth.* /var/log/authlog > > > > This puts all sshd messages _and_ all other auth messages in > > /var/log/authlog > > > > /Richard Nyberg > > > > > Does anyone know the magic to get sshd to log to /var/log/messages via > > > syslogd? I'm most interested in seeing the cause of failed connections. > > > > > > TIA > > > Tony Wells > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message