Date: Wed, 12 Jan 2000 14:31:17 -0600 From: Tony Wells <awells@journalstar.com> To: Richard Nyberg <su98-rin@nada.kth.se> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: sshd and syslogd Message-ID: <387CE495.DA11DB1B@journalstar.com> References: <Pine.GSO.3.95.1000112165941.27850A-100000@musik07.nada.kth.se>
next in thread | previous in thread | raw e-mail | index | archive | help
Thanks to everyone for their help. I can now see log messages from sshd. Richard Nyberg wrote: > > You have to put the 'auth.*'line somwhere above the '!startslip' > line. The lines beginning with '!' starts a new section. > You can also try to log authpriv.* messages. > > If the file authlog doesn't already exist you must create it before > syslog can use it. Just do 'touch /var/log/authlog'. > > /Richard > > Tony Wells wrote: > > > I tried what you suggested, but still don't see messages from sshd in > > /var/log/authlog; I still see login failures from telnet in > > /var/log/messages. I rebooted the machine after I made the changes just > > to make sure everybody read the changed config files. > ~> Could I have a conflict in syslog.conf? The contents of > syslog.conf are > > listed below: > > > > # $FreeBSD: src/etc/syslog.conf,v 1.9.2.1 1999/08/29 14:19:02 peter Exp > > $ > > # > > # Spaces are NOT valid field separators in this file. > > # Consult the syslog.conf(5) manpage. > > *.err;kern.debug;auth.notice;mail.crit /dev/console > > *.notice;kern.debug;lpr.info;mail.crit;news.err /var/log/messages > > mail.info /var/log/maillog > > lpr.info /var/log/lpd-errs > > cron.* /var/cron/log > > *.err root > > *.notice;news.err root > > *.alert root > > *.emerg * > > # uncomment these if you're running inn > > # news.crit /var/log/news/news.crit > > # news.err /var/log/news/news.err > > # news.notice > > /var/log/news/news.notice > > !startslip > > *.* /var/log/slip.log > > !ppp > > *.* /var/log/ppp.log > > auth.* /var/log/authlog > > > > Richard Nyberg wrote: > > > > > > My configuration: > > > > > > In sshd_config: > > > > > > SyslogFacility AUTH > > > > > > In syslog.conf: > > > > > > auth.* /var/log/authlog > > > > > > This puts all sshd messages _and_ all other auth messages in > > > /var/log/authlog > > > > > > /Richard Nyberg > > > > > > > Does anyone know the magic to get sshd to log to /var/log/messages via > > > > syslogd? I'm most interested in seeing the cause of failed connections. > > > > > > > > TIA > > > > Tony Wells > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?387CE495.DA11DB1B>